When you have to protect your VoIP CallManager in a secure zone of your LAN, you have to face two problems: SIP and NAT. In our case we handle VoIP sessions through the firewall by configuring an ACL with a TCP/UDP port_set. For internal resources we don’t use NAT mode; here are the ports from phones to CM: Destination port Description …
FortiAnalyzer a.k.a. FAZ – “No Data” issue
After upgrading the FAZ firmware to version FortiAnalyzer_6.0.5 you can experience a “No Data” visualization problem in the FortiView analytics functions. One of the most popular features of the FAZ is the FortiView information aggregator, which gives the SOC a general overview of the security status of its network. In fact, in the dashboard where the “No data” problem may exist you …
FortiGate Cluster – Check HA Health!
If you want to be sure that your cluster is in excellent health, periodically run these checks on each cluster member via the console: In the output it is easy to find the health state of the sync! You can also monitor the sync status by configuring an HA email alert under: Log&Report > Email Alert Settings > Administrative > HA status change …
Fortinet – openfortivpn under Ubuntu Linux
Ubuntu Network Manager has a Fortinet SSL VPN plug-in for connecting you to the HQ network. Below you will find instructions for activating the plug-in and configuring it. First: Install plugin: Second: Configure NM: Third: do the magic: To work correctly, we must find the trusted-cert string and insert it in the client's Advanced settings. EXPLANATION: Gateway certificate validation failed, and the certificate …
FortiGate – session clearing via CLI
Quick Tip: to reset a specific session we can use the diag sys session clear command: 1. Type diagnose sys session filter clear to clear all previously set filters. 2. Choose between all these options: diagnose sys session filter ? vd Index of virtual domain. -1 matches all. sintf Source interface. dintf Destination interface. src Source IP address. nsrc NAT’d source ip …
Register FortiGate device on FortiAnalyzer
With these few steps you will be able to connect a FortiGate firewall to a FortiAnalyzer appliance and send security logs to it. I hope this helps! .glitchlist crew
FortiClient increase timeout ssl-vpn via client
The default session timeout of an SSL VPN over FortiClient is 28800 sec. (8 hrs). After the SSL VPN is established the countdown starts, and you cannot keep the session alive with a ping -t or anything similar. So after 8 hrs the FortiGate kills the tunnel. To increase the auth-timeout do this: Log in via SSH to the FortiGate, Run:
config vdom
edit root
config vpn ssl …
setup HA Cluster Fortigate 500E
Here is a to-do list to set up an HA Active-Passive cluster with 2 FortiGate-500E:
Connect to the mgmt interface on each FortiGate, with DHCP on your laptop, and go to https://192.168.1.99
User: admin Password: blank
CHANGE the PASSWORD!!!
Set an IP on the outside interface on both firewalls
Register the appliances on https://support.fortinet.com
Reserve an additional port (copper or fiber) in addition to the …