Hi all, another vulnerability – log4j – is keeping us all on our toes.In this blog article you will find information about log4j from our vendors.
Information on Log4j Vulnerability / CVE-2021-44228
Fortigate S2S-Dialup VPN – Traffic does not run through IPsec tunnel anymore
After Fortigate upgrade v6.4 > v7.0.1 (or later) the S2S-dialup VPNs did not work anymore. Tunnel negotiation is successful and phase 1 and 2 get up. Traffic from spoke is routed into the tunnel, but is seems that the traffic is not received by the hub.
CheatSheet – FortiOS v7.0
We have adapted our CheatSheet for FortiOS version 7.0 and added new commands. The Cheat Sheet is divided into different sections. Depending on the topic, you can find the necessary commands to display more information or find problems. We hope that this will contribute to quick solutions of existing problems.
FortiGate PPPoE inside a VLAN
Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN…
CheatSheet – FortiOS v6.4
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet. Hopefully this CheatSheet will help you as well. You will find the most…
FortiAP and VLAN ID 97 or 98
Did you know, that on the FortiAP FAP-C24JE, the VLAN ID’s 898 and 899 are reserved for system use? Or that the FortiAP models FAP-S221E, FAP-S223E, FAP-221E, FAP-222E, FAP-223E and FAP-224E can not work with VLAN ID 97 and 98? I’m sure you already guessed it: These ID’s are reserved…
Websites are not working anymore
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
CheatSheet – FortiOS v6.2
With FortiOS 6.2 a few new CLI commands have been added to the Security Fabric or Switch integration. That’s why we created a new version of the Cheat Sheet and published it here.
New PSIRT-Advisory from Fortinet
Last week Fortinet has released a critical PSIRT-Advisory “Improper check for certificate revocation vulnerability” Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?
Migrate Fortigate Configurations with FortiConverter
Starting with FortiConverter 6.0, any kind of conversion requires a valid license Fortinet has published a very nice and helpful tool for converting firewall configs from other vendors into a Fortigate configuration file. Also an old Fortigate config file can be used as the source file. So if you are…
