hi, today I set up email alerts for various events (so, event based and
not severity level based), and I am missing a setting for hardware
failure events, you know, fans, PSU, temperature. A look into the CLI
didn't help.Am I thinking too hard, and t...
Hello fellows, for simplicity, I often use my private SSH key to log in
into my local admin account on various FGTs (I mean, CLI access via
SSH). Now, if instead of a local admin account I use a wildcard admin
account against LDAP/MS AD in the backgr...
hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode.
Each cluster member is at a different location, HA links are across a
dedicated line. On each site, there is one Cisco access router (19xx) in
front of the FGT providing WAN access...
hello all, I'm planning to place the slave unit of a Fortigate HA
cluster into a remote location. There is a leased line (layer 2) for the
HA connect. Can anybody confirm that I can run the HA traffic across a
VLAN between the access switches on each...
hi guys, I need to size a FGT as an SSLVPN gateway. There will be around
300 concurrent users, albeit on a 400 Mbps line (as of now). No heavy
UTM is planned, just some AV, anti-botnet stuff. Remote users will
access intranet servers for HTTP, HTTPS,...
@peterrr: this only covers outbound ports for FSA generated traffic, not
traffic from VMs. The Admin Guide says:FortiSandbox uses port3 to allow
scanned files to access the Internet. The Internet visiting behavior is
an important factor to determine ...
Well, the main task in building a sandbox is disguising it to be one.
That is, if the malware finds out that the environment is restricted or
somewhat 'different' from a regular host, it might decide to lay low and
wait for better days, thus avoiding...
The point here is that the VLAN30 interface is a sub-interface of the
LAN port. But, the policy needs to allow traffic from "VLAN30" to "DMZ"
interfaces, not from "LAN" interface.Then, allow PING on the DMZ
interface (in the interface setup). BTW, ta...
After some re-working on my script, it's now more robust to invalid
inputs and fully supports the hosts.deny syntax, as well as a plain text
file with one line per IP as input. I thought of attaching the script
here but at 520 lines length it would n...