Description This article describes a script for automatically
compressing FSSO Collector Agent's debug logs for the purposes of
extending the log coverage and decreasing the total log size on disk,
and provides example guidelines for implementing it....
Description This article describes how to configure automation stitches
to update DNS records hosted in Cloudflare upon DHCP lease renewal or
PPPoE (re)connection, effectively creating a dynamic DNS (DDNS) setup.
Scope This guide applies to FortiGate...
Description This article discusses the details of the static DNS
filter's matching logic, with examples provided to illustrate the
behavior. Scope The DNS filter operates only on DNS traffic and filters
only domain names. If it is wanted to take spec...
Description This article describes how to configure a webhook automation
stitch that posts a message into a chosen Discord channel when the
stitch is triggered. Scope This guide is applicable to any FortiOS
version that supports webhook automation ac...
DescriptionAfter creating a new DLP sensor by cloning an existing one,
changing the file-type filter on one changes the other as
well.SolutionThis happens because the file-type filters are separate
objects referenced by number in the sensor’s configu...
You can certainly try, but it is not supported, so you will not receive
TAC support for such deployments. I wouldn't expect DC Agent to work,
given that it's a dll plugin for lsass.exe on a DC. Basic event log
polling might work, if your Samba4 DC lo...
I would say that the proxy's behaviour should be fixed then. TLS version
of a session is not established until both sides agree, so a middle-box
blocking a session because it sees 1.1 mentioned in a ClientHello and
interprets is as TLS 1.1 is factual...
The abuse scenario is a malicious FortiGate administrator with
read-write access to "config user ldap" changing the configuration so
that the LDAP server IP address points to an IP they control, in order
to capture the LDAP service account credential...
You should review the SAML response when it is received by the FortiGate
from the IdP, and check if it contains the group's UUID as expected.
enable samld debug output: di de app saml -1 di de app sslvpn -1 di de
enable Reproduce the authentication a...
Not possible. FortiGates are authenticated by their Fortinet-issued
certificate when connecting to that server, but FAC cannot be configured
to use a client-cert in SMTP configs currently.