buddyd
New Member
October 18, 2016
Question

disable netbios via Fortigate 240D?


Greetings Folks,

We have an active-passive cluster of 240Ds; current OS is 5.2.8 build 727. Without going into too much detail, we are trying to use the Fortigate to disable NetBIOS over TCP/IP on Windows machines, as we have recently seen a large number of NBstat.Query errors from the IPS. Tech Support has provided documentation to do this; we have it configured, but it seems to be ineffective. The command line (see below) will work if run directly on the Windows device, but once converted to hex and added to the FG config, nothing. I have been assured by Fortinet tech support that the syntax/config is correct on the Fortigate.

Anyone else ever successfully do this? Has anyone been able to get this to work?

 

Any help/advice is greatly appreciated.

 

Thank you.

Buddy

 

######################################################

 

wmic /interactive:off nicconfig where TcpipNetbiosOptions=0 call SetTcpipNetbios 2

 

# config vdom

# edit #####FW1

# config system dhcp server

# edit 5

#

config system dhcp server
 
    edit 5
        set status enable
        set lease-time 604800
        set mac-acl-default-action assign
        set forticlient-on-net-status enable
        set dns-service specify
        set wifi-ac1 0.0.0.0
        set wifi-ac2 0.0.0.0
        set wifi-ac3 0.0.0.0
        set ntp-service specify
        set domain ''
        set wins-server1 0.0.0.0
        set wins-server2 0.0.0.0
        set default-gateway 192.168.26.1
        set next-server 0.0.0.0
        set netmask 255.255.254.0
        set interface "Wifi Guest"
            config ip-range
                edit 1
                    set start-ip 192.168.26.2
                    set end-ip 192.168.26.200
                next
            end
        set timezone-option default
        set tftp-server ''
        set filename ''
        set option1 252 '776d6963202f696e7465726163746976653a6f6666206e6963636f6e6669672077686572652054637069704e657462696f734f7074696f6e733d302063616c6c2053657454637069704e657462696f732032'
        set option2 0
        set option3 0
        set option4 0
        set option5 0
        set option6 0
        set server-type regular
        set conflicted-ip-timeout 1800
        set auto-configuration enable
        set vci-match disable
        set dns-server1 8.8.8.8
        set dns-server2 4.2.2.2
        set dns-server3 0.0.0.0
        set ntp-server1 0.0.0.0
        set ntp-server2 0.0.0.0
        set ntp-server3 0.0.0.0
    next
end
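
Added example, not part of the original thread and not Fortinet or Microsoft code: the option 252 value above decodes to the wmic command as plain ASCII, which a DHCP client receives as option data, while the DHCP mechanism Microsoft documents for this setting is vendor-specific sub-option 1 with value 2 carried inside option 43. The sketch decodes the posted value and builds that option 43 payload; the function names are hypothetical, and the printed `set option1 43` line assumes the same CLI form as the post.

```python
import struct

# Hex value of "set option1 252 ..." copied from the config in the post.
OPTION_252_HEX = "776d6963202f696e7465726163746976653a6f6666206e6963636f6e6669672077686572652054637069704e657462696f734f7074696f6e733d302063616c6c2053657454637069704e657462696f732032"

# Microsoft vendor-specific sub-option 1 (disable NetBIOS over TCP/IP), carried in
# DHCP option 43; data value 2 means "disable NetBT" (documented in [MS-DHCPE]).
MS_SUBOPT_DISABLE_NETBT = 1
NETBT_DISABLE = 2


def decode_option_text(hex_value: str) -> str:
    """Return the ASCII text a DHCP client receives for a hex-encoded option value."""
    return bytes.fromhex(hex_value).decode("ascii")


def encode_suboptions(subopts: dict[int, bytes]) -> bytes:
    """Encode option 43 data as code/length/value triplets (RFC 2132, section 8.4)."""
    out = bytearray()
    for code, data in subopts.items():
        if not 0 < code < 255 or len(data) > 255:
            raise ValueError(f"sub-option {code} does not fit one-byte code/length")
        out += bytes([code, len(data)]) + data
    return bytes(out)


def decode_suboptions(blob: bytes) -> dict[int, bytes]:
    """Parse option 43 data back into {code: value}, rejecting truncated input."""
    subopts, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"truncated sub-option at offset {i}")
        code, length = blob[i], blob[i + 1]
        subopts[code] = blob[i + 2 : i + 2 + length]
        i += 2 + length
    return subopts


def disable_netbt_option43() -> bytes:
    """Option 43 payload asking Microsoft DHCP clients to disable NetBIOS over TCP/IP."""
    return encode_suboptions({MS_SUBOPT_DISABLE_NETBT: struct.pack("!I", NETBT_DISABLE)})


if __name__ == "__main__":
    print("option 252 text:", decode_option_text(OPTION_252_HEX))
    # Assumption: same "set optionN <code> '<hex>'" form as the post's FortiOS 5.2 config.
    print(f"set option1 43 '{disable_netbt_option43().hex()}'")
```
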
 

 

 

    1 reply

    emnoc
    New Member
    October 18, 2016

    NetBIOS over TCP? And nbstat.query, I would look for Fortinet and a vips signature for this. I believe they have one or could write one for you if not available now.

     

    buddyd (Author)
    New Member
    October 18, 2016

    Thanks emnoc.

     

    We've noticed the IPS warning (nbstat.query) seems to be triggered by Windows 10 machines only; some testing with Windows 7 laptops doesn't exhibit the same behavior.

    My question is, if the configuration above for the dhcp server is correct (confirmed by Fortinet Support), then why doesn't it work?

    emnoc
    New Member
    October 19, 2016

    I believe that option #46 is used, IF you have listed WINS servers.