hi, today I set up email alerts for various events (so, event based and
not severity level based), and I am missing a setting for hardware
failure events, you know, fans, PSU, temperature. A look into the CLI
didn't help.Am I thinking too hard, and t...
Hello fellows, for simplicity, I often use my private SSH key to log in
into my local admin account on various FGTs (I mean, CLI access via
SSH). Now, if instead of a local admin account I use a wildcard admin
account against LDAP/MS AD in the backgr...
hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode.
Each cluster member is at a different location, HA links are across a
dedicated line. On each site, there is one Cisco access router (19xx) in
front of the FGT providing WAN access...
hello all, I'm planning to place the slave unit of a Fortigate HA
cluster into a remote location. There is a leased line (layer 2) for the
HA connect. Can anybody confirm that I can run the HA traffic across a
VLAN between the access switches on each...
Do not rejoice too early, as IPsec VPN traffic protocols are not so
difficult to detect, and to block.As a hint, since FortiOS v7.0, you can
change the default VPN ports (and 4500) to _one_ custom port. The other,
receiving site just has to know and ...
Protecting VPN traffic with blackhole routes has been discussed earlier
In my post, I've provided a batch script which configures blackhole
On the FGT side, most best practices mentioned also apply:- create
address objects for the networks to be proteced, and those on the CPto
be used here:- in the phase2- in static route- in the policyThis way,
you only have to edit one central object t...
Firstly, as kaman mentioned, there is a switch in the upper right corner
of the web page "By sequence" which switches off interface-pair
grouping.Apart from getting a quick overview (for instance, which
policies use a specific security profile, or NA...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.