Technical Tip: SSL/TLS and the use of Digital Cert...

Markus_M · 09-10-2025

Description This article describes FTP communication through FortiProxy and the required Syntax with CURL. Scope FortiProxy may also be applicable for FortiGate to some extent. Solution CURL is a versatile command-line program available for Linux and...

Markus_M · 07-07-2025

Description This article describes general troubleshooting and considerations when deploying the FortiAuthenticator to handle FSSO operation in high-performance environments. Scope FortiAuthenticator is used as an FSSO Collector. Solution Table of co...

Markus_M · 11-04-2024

Description This article describes an example use case for certmonger and the FortiAuthenticator as SCEP server. Note that certmonger is a third party tool and not endorsed by Fortinet. Its documentation can be found here:https://www.freeipa.org/page...

Markus_M · 09-05-2024

Description This article describes the general setup on an SMS gateway. It links to a few more specific setups as well. It intends to expand the documentation on the administration guide: SMS Gateway documentation Note that this does not include the ...

Markus_M · 09-21-2023

Description This article describes best practices for hardening environments with the FortiAuthenticator. It may in parts be true for other installations. Scope FortiAuthenticator all versions. FortiGate configuration is referred to in parts. Solutio...

Markus_M · 09-26-2025

Packet capture will tell you most of what is going on. I'm sure you remember my rambling about a certain article with steps of what is supposed to happen and when. These steps all reflect in a packet capture and indicate where to search.

Markus_M · 09-26-2025

Do you have a screenshot etc? The message "server cannot be found" sounds like a DNS error. What is the "captive address" that gives you the success page? The cellular data CAN be a problem IF the device is able to contact the captive portal detectio...

Markus_M · 09-26-2025

The API is basically HTTPS access. The API key is just doing authentication AFTER the HTTPS or rather TLS exchange. The policy update or whatever will be done AFTER that. So your python script will be the HTTPS/TLS client to the FortiGate as TLS serv...

Markus_M · 09-13-2025

You need an identifying factor to tell FortiGate "this traffic is from group2". If the groups are in certain subnets, design your rules for these subnets. Otherwise, you may have to implement some sort of authentication and refer to users in the user...

Markus_M · 09-09-2025

Hello Avatar, good to hear you try to learn! I recommend trying understanding what the FortiGate is doing in your network. Security profiles, routing, VPN, etc. Focus on these topics maybe first as you'll have a more direct access to those. Setup vid...

User Statistics

User Activity

Technical Tip: Explicit FTP proxy communication with CURL through FortiProxy

Technical Tip: FSSO performance optimization for FortiAuthenticator as collector

Technical Tip: Example of use of certmonger and FortiAuthenticator as SCEP server.

Technical Tip: General SMS Gateway configuration for OTP or second factor authentication

Technical Tip: Best practices on hardening FortiAuthenticator environments

Re: Apple Devices with Captive Portal

Re: Apple Devices with Captive Portal

Re: Looking for a Fortinet Consultant

Re: SDWAN rule

Re: New to FortiNet

Technical Tip: SSL/TLS and the use of Digital Cert...

Technical Tip: Best practices on hardening FortiAu...

Technical Tip: Configuring DPD (dead peer detectio...

Technical Tip: FSSO performance optimization for F...

Technical Tip: DHCP address leases on a FortiGate

Re: 802.1X Wireless Machine Certificate based RADI...

Re: LDAP cert Configuration error

Re: UNABLE TO ACCESS MY GATEWAY VIA WEB GUI OR SSH

Re: FortiAuthenticator Guest Captive Portal Cannot...

Re: Detailed Specifications of 　File System Check ...

KCS

User Statistics

User Activity

You are leaving our website