Fortinet, Security

FortiGate – OnDemand Token Timeout

René Jorissen on June 4, 2018 0 Comments • Tags: #fortigate #timeout #token

Today’s customer is having a problem with OnDemand tokens on a FortiGate firewall. The FortiGate firewall uses RADIUS authentication for SSL VPN user authentication. FortiAuthenticator is used as the RADIUS server. To strengthen security, FortiAuthenticator is configured to demand two-factor authentication (2FA) for successful authentication. FortiAuthenticator has multiple options to demand 2FA from a … Read More

Configuration Example, Fortinet

FortiGate – backup via auto-script

René Jorissen on March 28, 2018 4 Comments • Tags: #auto-script #backup #fortigate

One of the features I would like to see in a FortiGate is the ability to automatically create backups and copy them to offline storage. Of course, this can be accomplished by adding FortiManager to the solution, but why would I need FortiManager if I only have one FortiGate (cluster)? Another option would be using scripts, … Read More

Configuration Example, Fortinet

FortiGate – IPSec with dynamic IP

René Jorissen on April 13, 2016 5 Comments • Tags: #address #ddns #dynamic #fortigate #fortinet #ip #ipsec #vpn

Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have an internet connection at a branch office with a dynamic IP address. The use of a dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More

Configuration Example

FortiGate – Outbound OSPF filtering

René Jorissen on November 4, 2015 3 Comments • Tags: #filter #fortigate #ospf #outbound #outgoing #prefix-list

Just a quick post on filtering outbound OSPF advertisements. I had some struggle with this config today.

    config router prefix-list
      edit "filter-outbound"
        config rule
          edit 1
            set prefix 10.10.0.0 255.255.0.0
            unset ge
            unset le
          next
          edit 2
            set prefix 10.20.0.0 255.255.0.0
            unset ge
            unset le
          next
          edit 3
            set action deny
            set prefix any

… Read More

Configuration Example, Firewalling

FortiGate – debug flow

René Jorissen on February 10, 2015 0 Comments • Tags: #debug #diagnose #flow #fortigate #policy #simulation

You can use the diagnose debug flow commands to do a policy simulation. An example of the output:

    fw01 (root) # diagnose debug enable
    fw01 (root) # diagnose debug flow show console enable
    show trace messages on console
    fw01 (root) # diagnose debug flow filter addr 10.10.1.25
    fw01 (root) # diagnose debug flow trace start

… Read More