Description This article describes how to configure automation stitches
to update DNS records hosted in Cloudflare upon DHCP lease renewal or
PPPoE (re)connection, effectively creating a dynamic DNS (DDNS) setup.
Scope This guide applies to FortiGate...
Description This article discusses the details of the static DNS
filter's matching logic, with examples provided to illustrate the
behavior. Scope The DNS filter operates only on DNS traffic and filters
only domain names. If it is wanted to take spec...
Description This article describes how to configure a webhook automation
stitch that posts a message into a chosen Discord channel when the
stitch is triggered. Scope This guide is applicable to any FortiOS
version that supports webhook automation ac...
DescriptionAfter creating a new DLP sensor by cloning an existing one,
changing the file-type filter on one changes the other as
well.SolutionThis happens because the file-type filters are separate
objects referenced by number in the sensor’s configu...
For outbound traffic, where you want to inspect traffic from your LAN
clients towards arbitrary third-party websites (or other services) that
you do not control, you will absolutely need your own CA, and that CA
needs to be installed as a trusted CA ...
Potentially nothing, hence "relatively easily".Example for a basic setup
for inbound traffic filtering (e.g. to your internet-exposed webserver):
Configure either a VIP with TLS offloading for HTTPS (using the LE
certificate), or a basic VIP + a new ...
The LE certificate can be used in a VIP with TLS offloading
(server-load-balance with TLS/HTTPS sub-type), or in SSL inspection
profiles set to "protect server". Webfilter can be used in firewall
policies with either of these with relative ease.You w...
IPS will be used even with proxy-mode inspetion if: - "inspect all
ports" is enabled in protocol options/SSL inspection (IPS is used to
identify the protocol and whether wad/proxyy should further be
interested in it) - or if Appcontrol/IPS profiles a...
Yes, I've just tested this and you can do a POST request to:
/api/v2/cmdb/webfilter/content//entries With the new entry's
payload: {"name": "new block item", "action": "block", "status":
"enable"} The result will be an addition to the existing list o...