Fortinet Community


CGoodwin's Posts

Just as a side note, applications like Dropbox that have their own cert store won't normally work with deep packet inspection, and an exception will have to be set up. Meaning you won't see the files transferred in the logs, I am guessing.
Hello,

We have a number of ADOMs on our FAZ, each belonging to a customer. I want to run a report to show trends or common attacks/viruses across all these ADOMs. Is this possible, say, from the root ADOM?

FAZ firmware 5.6.5
Logging in as admin with full access to all ADOMs
Hello All,

I am having an issue with a FortiGate 90E I am setting up with web filtering policies based on users' AD groups. The groups are made on the FortiGate, set to FSSO and referencing Active Directory user groups.

There are 4 policies for LAN to WAN1.
Policy 1 in the sequence is LAN to WAN1 with a user group for blocked users and a web filter set to block all with a number of exceptions.
Policy 2 is a restricted setup with an FSSO user group for restricted users and a web filter.
Policy 3 is a full internet access FSSO group and web filter.
Policy 4 is a catch-all for unauthenticated devices or users not in the above groups.

At the moment there are no users in the groups, so they should be filtering down to the catch-all policy. However, when the policies are turned on, all traffic hits policy 1 regardless of the security group of the domain user.

The FSSO collector is installed on the DC and working. LDAP is working on both the collector and the FortiGate and reading all user groups the users have access to.

The users get a GPO that turns on Remote Registry, Windows Firewall allowances, the cert for the firewall for SSL inspection, and interactive logon to reauth on the domain at unlocks of the workstations.

This is working on two other sites of this company, but they are both D models (a 90, 90 cluster Edge and 300D Core cluster). But on this new 90E all traffic hits the first policy regardless of groups. If I move the policy order around, again traffic uses the first policy in the sequence, whichever one that might be.
Hello VedranOP,

You will need to download the cert you are using for SSL inspection on the FortiGate. In your case it's the default "Fortinet_CS_SSLProxy" cert. Once you have this you can either deploy it with a GPO of your domain to PCs or manually install it into the PC's cert center. You need to put it into two locations: Trusted Publishers and Trusted Root Certification Authorities.
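
The manual install described in the post above, as an added example that is not part of the original post or Fortinet's own tooling: it checks the exported certificate before trusting it, then imports it into both stores and confirms it landed. The file path and the expected thumbprint are placeholders (assumptions); run it from an elevated PowerShell session.

```powershell
# Added example. $CertPath and $ExpectedThumbprint are placeholders, not values from the post.
$CertPath           = 'C:\Temp\ssl-inspection-ca.cer'          # hypothetical export location
$ExpectedThumbprint = '<THUMBPRINT-RECORDED-OUT-OF-BAND>'      # fill in before running

# Load the file without installing it, so it can be inspected first.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. Refuse to trust a file whose thumbprint does not match the one recorded
#    when the certificate was exported from the firewall.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. An SSL inspection certificate must be a CA certificate; anything else
#    in the root store is a mistake.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw 'Certificate is not marked as a CA in its basic constraints.'
}

# 3. Do not install a certificate that is outside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 4. Import into the two stores named in the post and verify each import.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\TrustedPublisher'
foreach ($store in $stores) {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    if (-not (Test-Path "$store\$($cert.Thumbprint)")) {
        throw "Import into $store did not succeed."
    }
    Write-Output "Installed $($cert.Subject) in $store"
}
```

Anything placed in Trusted Root Certification Authorities can vouch for any site the PC visits, which is why the thumbprint check comes before the import.
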
Hello all,

So we are testing using FortiGates as DNS servers for remote sites. Our test site is as follows:

A Windows domain server hosted in Azure, 192.168.1.10 (HQ server)
Site-to-site VPN
FortiGate 60D in the remote site, 192.168.10.254

The DNS server on the domain controller is configured to use the FortiGate as a second name server. Zone transfer is set to use the name servers of the zone, and so is Notify.

DNS database is turned on, on the 60D. A slave database is configured on the DNS server settings below:

Type: slave
View: Shadow
DNS Zone: company.local
Domain: company.local
IP of Master: 192.168.1.10
Authoritative: Enabled

Interface services are configured for the internal interface. I also added in the set source-ip to the internal interface and set the forwarder to the HQ DC.

But users could not log on and were getting "no name servers found". I then also configured the _msdcs zone:

Type: slave
View: Shadow
DNS Zone: _msdcs.company.local
Domain: _msdcs.company.local <-- I had to do this as it will not allow me to have company.local, as the above database is using it
IP of Master: 192.168.1.10
Authoritative: Enabled

But still no sign-ons. Anyone any thoughts?

CLI config:

    config system dns-database
        edit "company.local"
            set domain "company.local"
            set type slave
            set forwarder "192.168.1.10"
            set source-ip 192.168.10.254
            set ip-master 192.168.1.10
        next
        edit "_msdcs.company.local"
            set domain "_msdcs.company.local"
            set type slave
            set forwarder "192.168.1.10"
            set source-ip 192.168.10.254
            set ip-master 192.168.1.10
        next
    end
Hello All,

I did the FortiGate III online course in December; my NSE7 exam is on Monday coming. I'm finding it really hard to study off half-complete screenshots from the course. I was under the impression we would have gotten some sort of study material after completion. But sadly not, and the course instructor would not answer any mails requesting a complete copy of the slides from the course. Is there anything?