The good news first: If you’re currently using the FortiClient to establish a Dialup IPsec VPN (Aggressive, PSK based), the same configuration should also work with the native macOS client.
FortiGate: IPsec VPN with native macOS client
FortiGate SSLVPN Update-Empfehlung
Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…
CheatSheet – FortiOS v6.4
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet. Hopefully this CheatSheet will help you as well. You will find the most…
Fortigate VM Azure: IPsec performance issue
Based on two recent support cases regarding the IPsec performance between an OnPrem and Azure FortiGate, we did some testing using the latest FortiOS 6.4.1. We’ve created a basic IPsec tunnel using the wizard, deployed an Ubuntu machine at both sites and used iPerf3 to do some speed testing. The…
Websites are not working anymore
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
CheatSheet – FortiOS v6.2
With FortiOS 6.2 a few new CLI commands have been added to the Security Fabric or Switch integration. That’s why we created a new version of the Cheat Sheet and published it here.
FortiOS 6.2: Upgrade Notes
Due to several known issues, we did not recommend the use of FortiOS 6.2 in productive environments for the first couple of months. As per FortiOS 6.2.5, we noticed that most of the issues have been resolved. Please have a look into our FortiOS upgrade guide for the upgrade procedure.
What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine. It turned out that during the update process the server certificate used for the WebUI is lost. Config with v6.0.4…
What’s new with FortiOS 6.2: FortiGuard Requests
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol…
New PSIRT-Advisory from Fortinet
Last week Fortinet has released a critical PSIRT-Advisory “Improper check for certificate revocation vulnerability” Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?
