Description This article describes a script for automatically
compressing FSSO Collector Agent's debug logs for the purposes of
extending the log coverage and decreasing the total log size on disk,
and provides example guidelines for implementing it....
Description This article describes how to configure automation stitches
to update DNS records hosted in Cloudflare upon DHCP lease renewal or
PPPoE (re)connection, effectively creating a dynamic DNS (DDNS) setup.
Scope This guide applies to FortiGate...
Description This article discusses the details of the static DNS
filter's matching logic, with examples provided to illustrate the
behavior. Scope The DNS filter operates only on DNS traffic and filters
only domain names. If it is wanted to take spec...
Description This article describes how to configure a webhook automation
stitch that posts a message into a chosen Discord channel when the
stitch is triggered. Scope This guide is applicable to any FortiOS
version that supports webhook automation ac...
Description After creating a new DLP sensor by cloning an existing one,
changing the file-type filter on one changes the other as
well. Solution This happens because the file-type filters are separate
objects referenced by number in the sensor’s configu...
You should review the SAML response when it is received by the FortiGate
from the IdP, and check if it contains the group's UUID as expected.
Enable samld debug output:
di de app saml -1
di de app sslvpn -1
di de enable
Reproduce the authentication a...
Not possible. FortiGates are authenticated by their Fortinet-issued
certificate when connecting to that server, but FAC cannot be configured
to use a client-cert in SMTP configs currently.
Yep, you certainly can! Just switch off the "NAT" toggle in the NAT
policy. And you're also correct about the matching order, top->down,
first valid match wins.
This is automatic, and not configurable. It is also worth pointing out
that this is a point-to-point L3 link, so the gateway is essentially
meaningless. Is it actually causing any functional issues (if yes, let's
discuss those), or is this only a cos...
You will likely need to enable logging of "invalid packets" first:
config log setting
    set log-invalid-packet enable
end
After that, you
should see this attempt logged in the relevant traffic log (likely
Forward, unless the destination is an IP owned ...