Use case: Customer has two ISP connections at both sites. Two VPNs
configured. ISP1 to ISP1 and ISP2 to ISP2. Customer wanted to lower the
time it takes for the VPN to drop and the other VPN come up. One of the
options I discussed with the customer w...
First and foremost, a special shout out to a friend that helped with
this config. Juan Perez, thank you brother. Use Case: Customer wants a
single SSID in his environment. He wants Teachers on a VLAN once they
connect on a managed workstation (AD Mem...
I am a BIG supporter of Central NAT. I believe it is in-line with the
present day firewall platforms. Even if you use Policy NAT (the original
way on FortiOS) or Central NAT you normally want bidirectional NAT'ng,
that is SNAT and DNAT. DNAT / VIP Th...
I am currently running FortiOS 6.4 on this FortiGate. The use case is to
have an out-of-band interface that points to a separate routing table or
in this case, a VRF which stands for Virtual Routing and Forwarding. In
my scenario I will create one in...
Today, a customer asked me about selectively assigning FortiTokens to AD
users using FortiAuthenticator. In this use case, I am going to use an
AD group Token-Users to auto-assign FortiTokens to and another group,
Non-Tokens which will be used to aut...
There are a few ways to skin this cat. Depending on the version of
FortiOS you are running. In 6.2 we introduced "Dynamic Address Lists"
you can set up a web-server internally as an example and add the IP
addresses you want to block. The Fortigate wi...
Under 'Security Profiles', 'Intrusion Prevention' ensure you have the
correct IPS Profile selected (the one in the policy that is firing). Go
to 'IPS Signatures' and choose 'Add Signature' Filter by name and choose
"Snort.TCP.SACK.Option.DoS" and on ...
This COULD be a trick question in a sense. Some Vulnerability scans are
done in a stealthy manner, while some are not. The best practice is to
have IPS enabled on your policies and ensure that your notification on
the FAZ are set correctly. One thing...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.