Known issue in: FortiOS 5.2.x (can also apply to higher versions). However, 5.4.x and later have already disabled the weaker ciphers DES, RC4 and SSLv3, so firewalls running later versions are less prone to vulnerabilities. Recommendations/Mitigations: What does strong encryption do? Enabling the use of strong encryption will only allow strong ciphers such as: AES … Continue reading Fortigate 5.2 Vulnerability: SSH/SSL – Weak Encryptions
Fortigate: Product Guide – Models Max Values
Came across a very helpful tool for choosing the right Fortigate model based on the max values of each model: http://help.fortinet.com/fgt/56/max-values/5-6-3/max-values.html
Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users
blah blah Solution 1: You can recreate the VPN and, on Step 3, unselect Allow Endpoint Registration. Solution 2: Disable Endpoint Security. Enable the feature first so the option will show up on the firewall. Under System -> Feature Select -> Security Features -> select Endpoint Control. Once the feature is enabled, Forticlient Profile will be … Continue reading Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users
Fortigate: New FortiOS Upgrade Path Tool
Early this week, Fortigate removed the Upgrade Path table from the Fortigate Cookbook website, drawing reactions from many of us. I spent a good number of minutes looking around for the table I used to find with just a couple of Google searches and clicks. The Upgrade Path tool … Continue reading Fortigate: New FortiOS Upgrade Path Tool
Protected: Fortigate: How to monitor and block Torrent / P2P traffic?
There is no excerpt because this is a protected post.
Fortigate: Log Monitoring and Email Alerting via Fortianalyzer
Using the logs sent by your Fortigate Firewall to your Fortianalyzer, you can set up a monitoring/alerting function for any logs or events captured. This is very helpful in monitoring critical systems and functions such as interface flaps or VPN IPsec issues. You can monitor any event as long as it is logged. In this … Continue reading Fortigate: Log Monitoring and Email Alerting via Fortianalyzer
Fortigate: Set up the Health Link Monitor
Health Link Monitor (also known as dead gateway detection) is used in multiple-WAN setups to monitor the status of the links and force a failover if necessary. Set up the Health Link Monitor and configure ping servers: The following will ping a server of your choice, and if it stops receiving replies at … Continue reading Fortigate: Set up the Health Link Monitor
Fortigate: Missing Features on your Fortigate Firewall?
On Fortigate 5.6, Feature Visibility (System -> Feature Visibility) allows administrators to enable/disable firewall features. Features such as Policy Routes, RIP, OSPF, BGP and Multicast are enabled by: Basic Features -> Advanced Routing (to be populated)
Fortigate: Installing SSL Certificate for SSL-VPN Guide
INSTALLING A NEW SSL-VPN CERTIFICATE (To Renew Certificate, see separate article here). Generate a new CSR to be signed by the CA: Under System -> Certificates -> Generate. Create a new Certificate Name. Populate OU, Organization, City, Country and Email Address. Download the .CSR file. Go back to Certificates page, Highlight the new Certificate Name you … Continue reading Fortigate: Installing SSL Certificate for SSL-VPN Guide
Fortigate: Using Publicly Signed Certificates for SSL VPNs
A guide on using a publicly signed certificate for Forticlient SSL-VPN: https://www.youtube.com/watch?v=lYQGEGExJ-o