Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users

blah blah Solution 1 You can recreate the VPN and on Step 3, Unselect Allow Endpoint Registration Solution 2 Disable Endpoint Security Enable the feature first so the option will show up on the firewall. Under System -> Feature Select -> Security Features -> select Endpoint Control. Once Feature is enabled, Forticlient Profile will be … Continue reading Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users

Fortigate: New FortiOS Upgrade Path Tool

Early this week, Fortigate has removed the Upgrade Path table on the Fortigate Cookbook website gaining reaction from many of us. I spend a good number of minutes trying to look around where I can find the table I used to find in just a couple of google searches and clicks. The Upgrade Path tool … Continue reading Fortigate: New FortiOS Upgrade Path Tool

Fortigate: Disabling and enabling the SIP session helper

You can use the following steps to disable the SIP session helper. You might want to disable the SIP session helper if you don’t want the FortiGate to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiGate can still accept SIP sessions if they are … Continue reading Fortigate: Disabling and enabling the SIP session helper

Fortigate: Best Practices Guide (per Topic)

This Best Practice Guideline for Fortigate is compiled from both FortiOS 5.2 and 5.4 for common issues encountered by myself and shared to everyone to ensure the most secure and reliable operation of our Fortigate units. This is updated periodically as I come across known issues and best practice recommendations. A. General Configurations  Below are … Continue reading Fortigate: Best Practices Guide (per Topic)

Fortigate: Web Filtering is “Unreachable”

Came across this problem that I am unable to use "Web  Filtering" feature on my Fortigate 200B on Firmware 5.2.11 Web Filter error shows the following error before you can create a profile. Licensing information on Fortigate Portal shows I am licensed to use Web Filtering, but on my local firewall error shows "Unreachable" Things … Continue reading Fortigate: Web Filtering is “Unreachable”

Fortigate: How to allow (or deny) wildcard FQDN (Domains) in Policy

  Does wildcard FQDNs work in policies? The answer is No.  But there is other way to allow wildcards through. As we all know, Wildcard FQDN firewall address should not be used in a firewall policy (Full details here). Simple explanation is that because the Firewall wont be able to query on to *.example.com when … Continue reading Fortigate: How to allow (or deny) wildcard FQDN (Domains) in Policy

Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Most modern web browser no longer support RC4 encrytion as it is officially declared unsecured by IETF memo RFC7465 published on February 2015. (See Workaround below to find an older browser to get around this error) Thus if RC4-Only encryption is enabled in SonicOS, it would block access to the Firewall Management Portal and will display "err_ssl_version_or_cipher_mismatch" error … Continue reading Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH