Category: Fortinet
FortiGate – OnDemand Token Timeout
Today’s customer is having a problem with OnDemand tokens on a FortiGate firewall. The FortiGate firewall uses RADIUS authentication for SSL VPN user authentication. FortiAuthenticator is used as RADIUS server. To strengthen the security levels, FortiAuthenticator is configured to demand two-factor authentication (2FA) for successful authentication. FortiAuthenticator has multiple options to demand 2FA from a … Read More
Configuration Example, Fortinet
FortiGate – backup via auto-script
One of the features I would like to see in a FortiGate is the ability to automatically create backups and copy them to offline storage. Of course, this can be accomplished by adding FortiManager to the solution, but why would I need FortiManager if I only have one FortiGate (cluster). Another option would be using scripts, … Read More
FortiMail – Howto configure DLP
The previous post showed the steps necessary to enable DLP. This post describes the workflow to configure DLP. I needed DLP to relay outbound messages to a specific mail relay based on header information. At first I create a DLP rule to define the matching conditions. I match specific header information, which is added to a message … Read More
FortiMail – Howto enable DLP
FortiMail has the option to use Data Loss Prevention as enhanced security mechanism. This feature is introduced in firmware 5.3, according to the release notes. By default the DLP option is not visible on the GUI. DLP can be enabled via the CLI, but it is a well hidden feature. The option can be enabled … Read More
Configuration Example, Fortinet
FortiGate – IPSec with dynamic IP
Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have a internet connection at a branch office with a dynamic IP address. The usage of dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More
FortiClient SSLVPN – export profiles
I am using the FortiClient SSLVPN lightweight application for SSL VPN access to client networks. In the GUI you don’t have options to export the configured profiles as you have with the full-featured FortiClient SSLVPN. The profiles for the lightweight version are stored in the registry, so you can export and import from there. The registry … Read More