Fortigate: Web Filtering is “Unreachable”

Came across a problem where I am unable to use the "Web Filtering" feature on my Fortigate 200B on firmware 5.2.11. The Web Filter shows the following error before you can create a profile. Licensing information on the Fortigate portal shows I am licensed to use Web Filtering, but my local firewall shows "Unreachable". Things …

Fortigate: How to allow (or deny) wildcard FQDN (Domains) in Policy

The answer is no. It won't work. As we all know, a wildcard FQDN firewall address should not be used in a firewall policy (full details here). The simple explanation is that the firewall won't be able to query *.example.com when it tests the policy. There is, however, a workaround: use WEB-POLICY. In my …

Fortigate: How to Source NAT traffic into a VPN Tunnel

Came across an issue on FortiOS 5.4 where a connection to a remote peer via an IPsec tunnel suddenly stopped working. (My user told me it was working in the past, at least.) The setup is that the internal IP needs to be NAT'd to an IP that is known to the VPN peer. So, for example, 10.5.0.5 (internal) …

Gartner’s 2017 Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls) Released

Here is an overview of the leaders in Unified Threat Management (UTM) for 2017. The quadrant is based on the vendor's ability to execute and the completeness of vision. For the 8th straight year, Fortinet is recognized as the market leader in UTMs. To learn more about Gartner's complete view of the UTM market, register for …

Tools: Flow Trace in Fortigate

The flow trace feature in FortiGate units allows you to trace the flow of a packet through the firewall you are consoled into. It allows you to see whether the packet is being denied for some reason or being allowed by a particular policy. You can also see what NAT rule and routing is …

#WCry Wannacry Security Recommendations

Outbreak Date: 13 May 2017 - (Ransomware) WannaCry. I know it's a bit old, and (almost?) quiet (perhaps evolving) after the "kill switch" was triggered. But here are my compiled security recommendations from various firewall vendors on mitigating the risks and protecting your network from the threats brought about by this ransomware known as WannaCry. Yesterday, another …