Fortigate: Set up the Health Link Monitor

Health Link Monitor (also known as dead gateway detection) is used in multi-WAN setups to monitor the status of the links and force a failover if necessary. Set up the Health Link Monitor and configure ping servers. The following will ping a server of your choice, and if it stops receiving replies at …

Fortigate: Disabling and enabling the SIP session helper

You can use the following steps to disable the SIP session helper. You might want to disable the SIP session helper if you don’t want the FortiGate to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiGate can still accept SIP sessions if they are …

Fortigate: Best Practices Guide (per Topic)

This Best Practice Guideline for Fortigate is compiled from both FortiOS 5.2 and 5.4 for common issues encountered by myself and shared with everyone to ensure the most secure and reliable operation of our Fortigate units. This is updated periodically as I come across known issues and best practice recommendations. A. General Configurations: Below are …

Sonicwall Global VPN Client: Sonicwall GVC unable to connect through certain ISPs

In some cases, Sonicwall GVC is unable to connect to select ISPs/networks, even though it is proven to work elsewhere (3G tethering or other ISPs). The usual troubleshooting step is to check whether VPN IPSec Passthrough is enabled on the home modem or router. There is another troubleshooting step that is worth trying, which is to …

Fortigate: Web Filtering is “Unreachable”

I came across a problem where I am unable to use the "Web Filtering" feature on my Fortigate 200B on firmware 5.2.11. The Web Filter shows the following error before you can create a profile. Licensing information on the Fortigate Portal shows I am licensed to use Web Filtering, but on my local firewall the error shows "Unreachable". Things …

Fortigate: How to allow (or deny) wildcard FQDN (Domains) in Policy

Note that this is a bit buggy for Fortigate FortiOS 5.2 but works for later versions. Also note that there is an issue with Google Chrome, which sometimes allows google.com even if it's supposed to be blocked. Remember to add an EXPLICIT DENY at the end of your list of wildcard sites. Do wildcard FQDNs work in …

Fortigate: How to Source NAT traffic into a VPN Tunnel

I came across an issue on FortiOS 5.4 where a connection to a remote peer via an IPSEC tunnel suddenly stopped working. (My user told me it was working in the past, at least.) The setup is that the internal IP needs to be NAT'd to an IP that is known to the VPN peer. So for example, 10.5.0.5 (internal) …

Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Most modern web browsers no longer support RC4 encryption, as it was officially declared insecure by IETF memo RFC 7465, published in February 2015. (See Workaround below to find an older browser to get around this error.) Thus, if RC4-only encryption is enabled in SonicOS, it will block access to the Firewall Management Portal and display the "err_ssl_version_or_cipher_mismatch" error …