In the context of SSL VPN, we sometimes receive the question, if it’s possible to assign IP-addresses using an external DHCP server. Unfortunatly this is not possible on the FortiGate.«FortiGate SSL VPN: Assign IP-Addresses using an external DHCP Server» weiterlesen
Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.
In the default setting of a Fortigate the SIP ALG is active.«Disable the SIP ALG/Session Helper on the Fortigate» weiterlesen
Unser letzter Beitrag zur Konfiguration einer Fortigate, um zuhause auch Swisscom TV durch die Fortigate zu bekommen, ist schon eine zeitlang her. Deswegen hier mal wieder ein aktueller Beitrag mit einer Fortigate auf FOS 7.0.0 (der auch mit 6.4.5 getestet wurde).
In diesem Beispiel hängt die Swisscom TV Box am DMZ Port der Fortigate und bezieht von dort eine DHCP Adresse, welche per DHCP Reservation fixiert wird:«Fortigate und Swisscom TV – zum dritten» weiterlesen
1,097 total views, 3 views today
Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.
Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.
This blog post regards the following CVE reports:«Exchange Hafnium Vulnerability March 2021» weiterlesen
Im Laufe des Lebenszyklus von Firewalls werden diese oftmals ersetzt mit einem neueren Modell, die Konfiguration möchte man aber gerne übernehmen. Für diesen Fall gibt es verschiedene Möglichkeiten, die wir in diesem Blog Beitrag vorstellen:
English article can be found here: How to transfer a FortiGate configuration to a newer model«So übertragen Sie eine FortiGate Konfiguration auf ein neueres Modell» weiterlesen
The good news first: If you’re currently using the FortiClient to establish a Dialup IPsec VPN (Aggressive, PSK based), the same configuration should also work with the native macOS client.«FortiGate: IPsec VPN with native macOS client» weiterlesen
Are you running FortiOS 6.2.x and your Web Filter Overrides suddenly stopped working? Then read ahead.«FortiOS 6.2: IPS Engine Update affects behaviour of Web Filter Overrides» weiterlesen
«FortiGate SSLVPN Update-Empfehlung» weiterlesen
Update, Nov 2020:
More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.
Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.
SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the traffic is routed over another interface in case of an outage.«FortiGate: Deny-Policies for SD-WAN members» weiterlesen
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.
Hopefully this CheatSheet will help you as well.
You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.
Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)
1,851 total views, 5 views today