The good news first: If you’re currently using the FortiClient to establish a Dialup IPsec VPN (Aggressive, PSK based), the same configuration should also work with the native macOS client.
Continue reading "FortiGate: IPsec VPN with native macOS client"
FortiOS 6.2: IPS Engine Update affects behaviour of Web Filter Overrides
Are you running FortiOS 6.2.x and your Web Filter Overrides suddenly stopped working? Then read ahead.
Continue reading "FortiOS 6.2: IPS Engine Update affects behaviour of Web Filter Overrides"
FortiGate SSLVPN update recommendation
Continue reading "FortiGate SSLVPN update recommendation"
Update, Nov 2020:
More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.
Two days ago, this list was extended with usernames and passwords that were exploited via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.
FortiGate: Deny-Policies for SD-WAN members
SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent the traffic from being routed over another interface in case of an outage.
Continue reading "FortiGate: Deny-Policies for SD-WAN members"
CheatSheet – FortiOS v6.4
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.
Hopefully this CheatSheet will help you as well.
You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.
Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)
Happy troubleshooting!
Fortigate VM Azure: IPsec performance issue
Based on two recent support cases regarding the IPsec performance between an OnPrem and Azure FortiGate, we did some testing using the latest FortiOS 6.4.1.
We’ve created a basic IPsec tunnel using the wizard, deployed an Ubuntu machine at both sites and used iPerf3 to do some speed testing. The results were nowhere near the expected numbers, although sending from Azure to OnPrem (~250Mbit/s) was a bit faster than the reverse direction (~120Mbit/s).
Continue reading "Fortigate VM Azure: IPsec performance issue"
FortiAP and VLAN ID 97 or 98
Did you know that on the FortiAP FAP-C24JE, the VLAN IDs 898 and 899 are reserved for system use?
Or that the FortiAP models FAP-S221E, FAP-S223E, FAP-221E, FAP-222E, FAP-223E and FAP-224E cannot work with VLAN ID 97 and 98? I’m sure you already guessed it: These IDs are reserved for system use.
Continue reading "FortiAP and VLAN ID 97 or 98"
Websites are not working anymore
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
Troubleshooting FortiGate SSLVPN problems
Configuring SSLVPN with FortiGate and FortiClient is pretty easy. Nevertheless, problems may occur while establishing or using the SSLVPN connection.
Continue reading "Troubleshooting FortiGate SSLVPN problems"
FortiClient VPN: Download Mirror
Because the servers of www.forticlient.com were heavily loaded at the beginning of the home-office period due to COVID-19, we made the FortiClient download available to our resellers here via our own servers during that time. This is no longer necessary, so we have removed the links again. We refer you to www.forticlient.com.
Incidentally, because of the large number of support requests on this topic, Fortinet has created a dedicated page for home-office/remote-office topics. Many guides and videos on the subject can be found there. The article can be found here.