Technical Tip: WAD (wad-config-notify) process con...

nathan_h · 01-02-2025

Description This article describes how to avoid downtime on a Dial-up IPsec tunnel when performing an uninterruptible upgrade. In this case, it is due to Dial-up IPsec SAs not being synced when the original primary took over the primary role. Scope F...

nathan_h · 01-02-2025

Description This article describes how to add a bare domain (a domain without a subdomain). An example of a bare domain is 'nat.local'. Scope FortiGate. Solution Configure DNS Database on FortiGate. Technical Tip: Different options of configuring DNS...

nathan_h · 12-02-2024

Description This article shows that VRF leaking with NP vlink can lessen the CPU usage. Scope FortiGate. Solution NON-NP VDOM Link. Network Topology: FortiTester as Sender -> [User VLAN] VRF 11 - Fortigate 101F [NON-VRF11-0] -> [NON-VRF11-1] VRF 1 - ...

nathan_h · 11-07-2024

Description This article describes how to block file upload when an Excel document contains Social Security Number. The firmware version used in this article is v7.2.10. Scope FortiGate. Solution Configuration: Configure DLP Dictionary: GUI: Security...

nathan_h · 11-06-2024

Description This article describes a solution for lower-end model FortiGate with 2GB of RAM to avoid conserve mode due to ipshelper and high IO wait. Scope FortiGate v7.2, v7.4. Solution This was addressed and fixed in v7.4.6 and v7.6.1 and will be f...

nathan_h · 12-17-2024

You can use ISDB on SDWAN rule. We have ISDB for Google.

nathan_h · 09-14-2024

You can try to disable the blocking on the browser. It might be the browser already blocked it and the request didn't reach the Fortigate

nathan_h · 09-14-2024

Hi solo1, As far as I know, you normally don't need select which logs you will forward to them. You just need to send all of the logs to them via Syslog. Their SIEM solution should be able to handle the logs for threat hunting.

nathan_h · 09-13-2024

Hi RSJohan, If you have FortiAnalyzer. you can use Fortiview to check the sessions and from there you will be able to check what ports are used. Keep adding a Firewall Policy at the top and then monitor the original policy if there is still a hit and...

nathan_h · 09-12-2024

Hi Ruelb2214, I understand that Fortigates on the right side are on HA. Since the switch is not a stack, you won't be able to cross connect the LACP. See guidelines below. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Aggregate-link-confi...

User Statistics

User Activity

Troubleshooting Tip: Dialup IPsec SAs are not synced during uninterruptible upgrade (original primary took over the primary role)

Technical Tip: How to add bare domain entry on FortiGate configured with DNS Database

Technical Tip: CPU usage comparison with VRF Leaking using Non-NP and NP vlink

Technical Tip: How to block Excel (.xlsx) document containing Social Security Number (SSN) via Data Loss Prevention

Troubleshooting Tip: Conserve mode due to ipshelper in lower end models

Re: SDWAN Rules

Re: FortiOS 7.4.4 Web Filter didnt show replacment message (Blocked Page)

Re: What FortiOS Event Logs should i send to my SOC from my Fortigate Firewall?

Re: Locking down loose policies

Re: LAG connection setup

Technical Tip: WAD (wad-config-notify) process con...

Re: Locking down loose policies

Re: BGP routing strategy with two IPSec Connection...

Troubleshooting Tip: Read-only access when accessi...

Technical Tip: Integrating Linux login with FortiA...

Re: BGP routing strategy with two IPSec Connection...

KCS

User Statistics

User Activity

You are leaving our website