Transferring a configuration file from one model to another
Before proceeding, it should be made clear that moving a configuration file from one model to another is not officially supported by Fortinet. That being said, there are a few gray areas where...
Check addressing mode if HA cluster not setting up properly
If you appear to have configured your HA settings correctly but after trying to implement the HA cluster everything is still in stand-alone mode the issue could be with the interfaces. When setting up...
Potential HA upgrade error due to changes in FortiOS
The following is, if not common, a plausible scenario: You have a FortiGate unit that you have upgraded from version 4.3.10 to 5.0.1. You want to make it part of an HA cluster so you bring in a new...
Strategies for blocking traffic by a service or protocol
At some point you will want to block traffic based on the type of service or protocol that is being used. This is a fairly straightforward exercise if you are blocking all traffic using that service...
Adding denied sessions to session table
Blocking the packets of a denied session can take more CPU processing resources than passing the traffic through. By putting denied sessions in the session table, they can be kept track of in the same...
Behind the scenes of the VPN Creation Wizard
The new VPN Creation Wizard makes life easier for users that are unfamiliar with the creation of IPsec VPNs. However, not all of the meanings of the fields are intuitive and there are some limitations...
Multipath Routing Basics
To avoid single points of failure some networks use multiple ISPs. This allows for multiple routes or paths for the traffic to reach the Internet. By changing 3 variables different approaches can be...
Navigating the FortiGate BIOS
It doesn’t happen often, though always more than we’d like, but sometimes we have to work in our FortiGate unit’s BIOS. You should know in advance the capabilities of the BIOS. There is also the issue...
Using the USB MGMT Console port
Some FortiGate models are shipped without the standard RJ-45 or RS-232 serial console port that a lot of users are familiar with. In its place is a USB port that is designed to work with FortiExplorer...
SSL Public Key Pinning – Bulletin
Mozilla has introduced a new feature in the latest release of its popular web browser, Firefox Version 32. The feature is SSL Public Key Pinning and is designed to help prevent “Man in the...
Supported compression formats
Practically everyone who works in a corporate environment will try this trick at least once. Compressing or zipping a file is a common method of circumventing security measures to get past a firewall...
Windows updates may cause denial of access to Internet
System administrators are constantly trying to optimize the performance of their networks. Rather than continue to process attempts that are consistently failing, the administrator will block access...
Ultrasurf – tool for freedom or a pain in a SysAdmin’s …
The Ultrasurf software isn’t inherently a good thing, or a bad thing. Like many other tools, it all depends on how you use it. According to Ultrasurf’s own website, it was originally created to help...
Encryption hash used by FortiOS for local pwd/psk
In these days of heightened security awareness it makes sense to understand what is protecting your passwords from prying eyes. For anyone that has seen the configuration file of a FortiGate device,...
Why you should use SSL inspection
Most of us are familiar with Hypertext Transfer Protocol Secure (HTTPS) and how it protects a variety of activities on the Internet by applying Secure Sockets Layer (SSL) encryption to the web traffic....
Viewing the FortiGate or FortiExtender Modem List
This article shows how to view the most recent version of the supported modem list for FortiGate or FortiExtender. These lists depend on the modem database version, not the version of FortiOS used. The...
Traffic Shaping Priority Queueing (PRIQ)
This traffic shaping document describes Priority Queueing (PRIQ), Type of Service (ToS) priority, and Quality of Service (QoS). It also explains the following: Why traffic shaping only occurs when...
Fortinet and the GHOST Vulnerability
For those who follow security news, you are probably aware of an issue in the glibc library called CVE-2015-0235 (making this issue sound even scarier, it is also referred to as GHOST). A number of...
Default exemptions in the SSL deep-inspection profile
In the default configuration for FortiOS 5.2, several FortiGuard categories and firewall addresses appear in the Exempt from SSL Inspection list. However, if you upgrade your FortiGate to 5.2 from an...
New FAQ page
As you may expect, we here in the Technical Documentation team get asked a lot of questions. Sometimes we even get asked the same question more than once. I strongly suspect that this repetitive...