Spoiler alert: Current FortiOS versions do not allow BGP blackhole routing. But we have a workaround ready for you.
FortiGate and BGP Blackhole Routing
FortiOS 7.6.3 – SSL VPN tunnel mode is no longer supported!
Fortinet has released FortiOS 7.6.3 on April 17th. There are a lot of resovled issues but again another feature was completely removed. After the SSLVPN (tunnel- and web-mode) has been completely removed on models with only 2GB RAM and the small G models, now SSLVPN tunnel-mode has been removed on…
FortiClient für ARM Prozessoren
Mit der neusten FortiClient Version 7.4.3 hat Fortinet erstmals eine ARM-kompatible Version veröffentlicht und unterstützt damit auch neue Laptops und Tablets (als Beispiel Microsoft Surface Modelle). Im Support Portal kann dieser Client ab sofort heruntergeladen werden. Nebst dem EMS gemanagten Client gibt es auch den VPN only Client als Standalone…
Achtung: neues Default-Verhalten bei Fortigate Konfigurationen mit One-Arm Interface – z.B. mit der ACI Fabric
Einleitung One-Arm-Installation bedürfen einem speziellen Augenmerk, insbesondere wenn es um den Redirect vom Traffic geht – also Traffic, der über das gleiche logische Interface rausgeschickt wird, wo er auch reingekommen ist. Auf der Fortigate wird der Redirect Traffic per default erlaubt, so dass der Traffic ohne weitere Prüfung durch die…
CheatSheet – FortiAnalyzer & FortiManager v7.4
We have updated our CheatSheet for the FortiAnalyzer/FortiManager to the OS version 7.4. We still have the divided sections for FortiAnalyzer Logging, FortiAnalyzer Reporting and FortiManager with all of our regularly used commands and some CLI-based debug examples that are also featured in the official training materials. We hope that…
FortiOS 7.6 Important Change for SSLVPN
After the significant updates that have been introduced since 7.4.4 regarding proxy-based inspection, the next important announcement will be published. If you’re using a FortiGate model with 2GB of RAM or less, there’s a critical update you need to be aware of: the SSL VPN web and tunnel mode features…
Is Your FortiGate Under Attack?
In this article, we want to point out some indicators used to determine if your FortiGate is under attack.
Reduce Memory by Adjusting ISDB Settings
Especially on Fortigates with little memory (e.g. FG60F, FG50G) it makes sense to configure the device in a memory-saving way. Ideally – of course – without reducing the memory by disabling certain features.
FortiSwitch not Applying Configuration from FortiGate
Do you have FortiSwitches that do not accept configuration changes made on the FortiGate switch controller? Also, when you run the CLI command ‘execute switch-controller get-conn-status’, do you see the ‘flag’ with a value of ‘E’?
Remediation Steps if your FortiGate got Hacked or Attacked
… or accessed from any unauthorized party. In some cases it’s not even necessary to hack a system to gain access to it. For example it may be enough to leak a configuration file to allow unauthorized system access. Fortunately, many cases of a suspected hack turn out to be…
