Fortinet, Security

FortiGate – OnDemand Token Timeout

René Jorissen on June 4, 2018 0 Comments • Tags: #fortigate #timeout #token

Today’s customer is having a problem with OnDemand tokens on a FortiGate firewall. The FortiGate firewall uses RADIUS authentication for SSL VPN user authentication. FortiAuthenticator is used as RADIUS server. To strengthen the security levels, FortiAuthenticator is configured to demand two-factor authentication (2FA) for successful authentication. FortiAuthenticator has multiple options to demand 2FA from a … Read More

Configuration Example, Fortinet

FortiGate – backup via auto-script

René Jorissen on March 28, 2018 3 Comments • Tags: #autoscript #backup #fortigate

One of the features I would like to see in a FortiGate is the ability to automatically create backups and copy them to offline storage. Of course, this can be accomplished by adding FortiManager to the solution, but why would I need FortiManager if I only have one FortiGate (cluster). Another option would be using scripts, … Read More

Fortinet, Mail relaying

FortiMail – Howto configure DLP

René Jorissen on October 27, 2016 0 Comments • Tags: #action #configure #datalossprevention #dlp #fortimail #fortinet #header #howto #profile #rule #scan

The previous post showed the steps necessary to enable DLP. This post describes the workflow to configure DLP. I needed DLP to relay outbound messages to a specific mail relay based on header information. At first I create a DLP rule to define the matching conditions. I match specific header information, which is added to a message … Read More

Fortinet, Mail relaying

FortiMail – Howto enable DLP

René Jorissen on October 25, 2016 1 Comment • Tags: #data #datalossprevention #dlp #enable #fortimail #fortinet #howto #loss #prevention #set

FortiMail has the option to use Data Loss Prevention as enhanced security mechanism. This feature is introduced in firmware 5.3, according to the release notes. By default the DLP option is not visible on the GUI. DLP can be enabled via the CLI, but it is a well hidden feature. The option can be enabled … Read More

Configuration Example, Fortinet

FortiGate – IPSec with dynamic IP

René Jorissen on April 13, 2016 5 Comments • Tags: #address #ddns #dynamic #fortigate #fortinet #ip #ipsec #vpn

Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have a internet connection at a branch office with a dynamic IP address. The usage of dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More

Fortinet, IPSec / SSL VPN

FortiClient SSLVPN – export profiles

René Jorissen on February 18, 2016 0 Comments • Tags: #export #forticlient #import #profile #sslvpn

I am using the FortiClient SSLVPN lightweight application for SSL VPN access to client networks. In the GUI you don’t have options to export the configured profiles as you have with the full-featured FortiClient SSLVPN. The profiles for the lightweight version are stored in the registry, so you can export and import from there. The registry … Read More