About lmateus

lmateus · 12-11-2013

DescriptionSince FortiOS 5.0.3, when configured to not do HTTPS deep scan (no man in the middle) SSL inspection has been improvedNow, FortiOS checks also the server name in the client Hello from the SSL negotiation. This is called SNI/CN method (Serv...

lmateus · 09-14-2010

DescriptionIt is possible to configure the FortiGate to send an SNMP trap when its configuration is not synchronized with the FortiManager database.ScopeSolutionThe specific event type is called "fm-conf-change"CLI configuration (only) : config syste...

lmateus · 05-07-2010

DescriptionIn some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).Following is an example with a Fortigate in Transparent before a web proxy :< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]---...

lmateus · 03-31-2010

DescriptionWhen troubleshooting connectivity issues through a Fortigate, the "diagnose debug flow" command output may show that all sessions from a host are blocked by the Fortigate because the host MAC address is being blacklisted.Example : 2010-03-...

lmateus · 03-10-2010

DescriptionWhen configuring LDAP authentication on FortiGate, the 'ldap-memberof' attribute can be used to check the user group membership to grant access accordingly.For example: config user group edit "first" set group-type sslvpn set ldap-memberof...

User Statistics

User Activity

HTTPS Webfiltering without deep scan enabled details

Technical Note : FortiGate SNMP trap sent when configuration not synchronized with FortiManager database

Technical Tip : Triggering NTLM authentication on HTTP and HTTPS non standard ports

Troubleshooting Tip : Message msg="HWaddr-xx:xx:xx:xx:xx:xx is in black list, drop" in a "diagnose debug flow" output

Technical Note : FortiGate 'ldap-memberof' query fails when the AD user is only member of one group

Fortinet Training Institute

KCS