There is no excerpt because this is a protected post.
You can use the following steps to disable the SIP session helper. You might want to disable the SIP session helper if you don’t want the FortiGate to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiGate can still accept SIP sessions if they are … Continue reading Fortigate: Disabling and enabling the SIP session helper
This Best Practice Guideline for Fortigate is compiled from both FortiOS 5.2 and 5.4 for common issues encountered by myself and shared to everyone to ensure the most secure and reliable operation of our Fortigate units. This is updated periodically as I come across known issues and best practice recommendations. A. General Configurations Below are … Continue reading Fortigate: Best Practices Guide (per Topic)
A guide on using publicly signed certificate for Forticlient SSL-VPN https://www.youtube.com/watch?v=lYQGEGExJ-o
Came across this problem that I am unable to use "Web Filtering" feature on my Fortigate 200B on Firmware 5.2.11 Web Filter error shows the following error before you can create a profile. Licensing information on Fortigate Portal shows I am licensed to use Web Filtering, but on my local firewall error shows "Unreachable" Things … Continue reading Fortigate: Web Filtering is “Unreachable”
Note that this is bit buggy for Fortigate FortiOS 5.2 but works for later versions. Also note that there is an issue with Google Chrome, sometimes allowing google.com even if its supposed to be blocked. Remember to add EXPLICIT DENY at the end of your list of wildcard sites == Does wildcard FQDNs work in … Continue reading Fortigate: How to allow (or deny) wildcard FQDN (Domains) in Policy
Most modern web browser no longer support RC4 encrytion as it is officially declared unsecured by IETF memo RFC7465 published on February 2015. (See Workaround below to find an older browser to get around this error) Thus if RC4-Only encryption is enabled in SonicOS, it would block access to the Firewall Management Portal and will display "err_ssl_version_or_cipher_mismatch" error … Continue reading Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH