For some reason the XSS or SQL injections are moved to a seperate WAF
profile in Fortigate and not in the normal IPS functions but I saw the
below article: Stream-based antivirus scanning for HTML and Javascript
files | FortiGate / FortiOS 7.6.0 | Fo...
Hello, I am playing with fortigate trial versions (7.2.11 and 7.6.2) and
I was testing local user authentication with captive portal. I have
configured the ip address of the interface as captive portal location.
It works for HTTP traffic but for HTTP...
Hello to Everyone, I am playing with the trial VM and I am wondering
except doing tcpdump packetsniffer what are the options to debug ssl
hanshake issues like unsuppored ciphers ? I am interested for proxy mode
rules and flow mode rules and if there ...
Fortigate Automation Stich is great! If you have a security fabric
configured you can automate a lot of stuff. You can automate a process
restart if there is high CPU or memory :) Example: High CPU event
trigger is already existing but for the memory...
Hello to Everyone, Does the FortiWeb WAF support Application learning
(AL) / traffic learning positive security? From the article
https://www.fortinet.com/blog/business-and-technology/fortiweb-release-6-0--ai-based-machine-learning-for-advanced-thr
I...
I tried to debug the ipsengine (for flow based ssl inspection this
should be the process not wad) and I found out that there is an ssl
debug as well as the ipsengine generates too much logs and I did not see
any SSL specific but maybe for non trial f...
Hey @Yurisk . Thanks for the fast reply. I did not see anything when I
enabled diagnose debug app sslvpn -1 and connected to the web server
that has https and fortigate emulates the certificate for the clients
connecting through it. This seems like a...
With the below commands I saw an error in the authd process. diagnose
debug application authd -1 diagnose debug enablediagnose debug console
timestamp enable 2025-05-22 16:52:47 [crypto_free:216]:
[crypto_free:216]: (crypto/bio/bss_sock.c:111)2025-05...
After some time I see that the first layer/phase where the ML (Machine
Learning) model detects parameter types and urls seems like AL
(Application Learning) seen in other advance WAF vendors, where
parameter types and urls are auto learned after some...
