FortiGuard DNS Rating Server (SDNS) unavailable

Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again.

We have noticed an increase of support requests regarding the FortiGuard DNS rating service (SDNS) today. Therefore we want to inform you about the following issue.

«FortiGuard DNS Rating Server (SDNS) unavailable» weiterlesen

FortiGate SSLVPN Update-Empfehlung

Update, Nov 2020:

More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.

Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.

«FortiGate SSLVPN Update-Empfehlung» weiterlesen

FortiGate: Deny-Policies for SD-WAN members

SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the traffic is routed over another interface in case of an outage.

«FortiGate: Deny-Policies for SD-WAN members» weiterlesen

Fortigate VM Azure: IPsec performance issue

Based on two recent support cases regarding the IPsec performance between an OnPrem and Azure FortiGate, we did some testing using the latest FortiOS 6.4.1.

We’ve created a basic IPsec tunnel using the wizard, deployed an Ubuntu machine at both sites and used iPerf3 to do some speed testing. The results were nowhere near the expected numbers, while sending from Azure to OnPrem (~250Mbit/s) was a bit faster than reverse (~120Mbit/s).

«Fortigate VM Azure: IPsec performance issue» weiterlesen

 2,192 total views,  3 views today

What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI

Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.

It turned out that during the update process the server certificate used for the WebUI is lost.

Config with v6.0.4 (it does not happen with «self-signed» only):

config system global
set admin-server-cert "self-signed"
end
«What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI» weiterlesen