Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users

blah blah Solution 1 You can recreate the VPN and on Step 3, Unselect Allow Endpoint Registration Solution 2 Disable Endpoint Security Enable the feature first so the option will show up on the firewall. Under System -> Feature Select -> Security Features -> select Endpoint Control. Once Feature is enabled, Forticlient Profile will be … Continue reading Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users

Fortigate: New FortiOS Upgrade Path Tool

Early this week, Fortigate has removed the Upgrade Path table on the Fortigate Cookbook website gaining reaction from many of us. I spend a good number of minutes trying to look around where I can find the table I used to find in just a couple of google searches and clicks. The Upgrade Path tool … Continue reading Fortigate: New FortiOS Upgrade Path Tool

Sonicwall GVC VPN: Unable to connect to VPN. Error: “Packet length mismatch with interface MTU”

I had a client who was unable to connect to the Sonicwall VPN via GVC (Global VPN Client). Packet capture showed initial inbound traffic to the Sonicwall from Client is being dropped. Logs as below: 50 03/30/2016 14:16:06.912 X4*(i) -- VPN.CLIENT.IP.HERE SONICWALL.WAN.IP.HERE IP UDP 500,500 DROPPED 60[60] 51 03/30/2016 14:16:06.912 X4*(i) -- VPN.CLIENT.IP.HERE SONICWALL.WAN.IP.HERE IP … Continue reading Sonicwall GVC VPN: Unable to connect to VPN. Error: “Packet length mismatch with interface MTU”

Fortigate: Set up the Health Link Monitor

Health Link Monitor (as known as dead gateway detection) is used to for multiple WAN setup to monitor the status of the links and force a failover if necessary. Set up the Health Link Monitor and configure ping servers The following will ping a server of your choice, and if it stops receiving replies at … Continue reading Fortigate: Set up the Health Link Monitor

Fortigate: Disabling and enabling the SIP session helper

You can use the following steps to disable the SIP session helper. You might want to disable the SIP session helper if you don’t want the FortiGate to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiGate can still accept SIP sessions if they are … Continue reading Fortigate: Disabling and enabling the SIP session helper

Fortigate: Best Practices Guide (per Topic)

This Best Practice Guideline for Fortigate is compiled from both FortiOS 5.2 and 5.4 for common issues encountered by myself and shared to everyone to ensure the most secure and reliable operation of our Fortigate units. This is updated periodically as I come across known issues and best practice recommendations. A. General Configurations  Below are … Continue reading Fortigate: Best Practices Guide (per Topic)

Sonicwall Global VPN Client: Sonicwall GVC unable to connect through certain ISPs

In some cases, Sonicwall GVC is unable to connect to select ISPs/Networks, where it is proven working elsewhere (3G Tethering or other ISPs). Usual troubleshooting and things to look at is if VPN IPSec Passthrough is enabled on the home modem or router. There is another troubleshooting step that is worth trying, which is to … Continue reading Sonicwall Global VPN Client: Sonicwall GVC unable to connect through certain ISPs