I use my FortiAnalyzer (7.4.8) as a "poor man" syslog server and am
trying to see if I can incorporate logging from Cisco Umbrella. Cisco
Umbrella only sends to AWS S3 storage and I have the path and keys for
said bucket. I saw where FortiSIEM has sa...
Just need a little validation check against something I am implementing
yet feel like I am losing something as well. What I mean by that is, I
have in my environment, an edge firewall (this is where my users get
their primary Internet from), a core f...
This is my first foray into the need for VXLAN and have some questions.
My current site has a L3 Aruba switch, which handles my internal VLANs,
an egress VLAN connecting to my FortiGate which connects to both a
private WAN circuit to my data center (...
Was just running through some clean up and auditing some processes and
wanted to get some thoughts of what others might be doing in regards of
having both ISDB
(https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-Potential-threats-over...
Was doing some log parsing and came across some traffic flows that had
me scratching my head. I have a policy with DPI enabled, but I do have
reputable websites with various categories and address objects exempt. I
also have a application control pro...
Thanks for that. I'm going to further this up the food chain with my
territory sales support engineer. It looks like 7.6.x out the box
handles all of the Forti products for the most part plus Windows,
Ubuntu, Apache, and a few others. The SOC Automat...
It kind of depends. I know you have only defined the operating system,
but in the end, I am assuming the primary application need for this, is
the browser app of choice. In the past, I have had issues with Safari,
for example, by not having the compl...
That is how I did mine. Using one sub CA certificate created and
importing it to all of my FortiGates. It used to be where all you needed
on the device was the root CA since the trust for the sub CA was already
there, but with more modern browsers, y...
In my situation, it is. My ISP is also my VoIP provider, so they retain
DSCP markings to their servers and back to me as long as my equipment
retains those markings along its internal path. That part of it has been
confirmed and proven.
