Posts published in “Fortigate”

FortiOS 5.4.1 IPSec Phase 2 for AutoConf-enabled Phase1 Issue

The Fortigate 60D and 100D have been used to build an IPSec tunnel between two sites since last year. The firmware version is 5.2.4 build 668. I was planning to upgrade the Fortigate 100D to 5.4.1. The upgrade process was smooth, but the IPSec tunnel got broken after the upgrade. Fortigate 60D IPSec Tunnel Configuration: Fortigate 100D IPSec Tunnel Configuration: Unfortunately, the tunnel between the 60D and 100D failed to build after the upgrade process rebooted the 100D. Based on the following troubleshooting commands on the 100D device, we found 100D…

Fortigate Firewall Configuration Migrate to Different Device

Upgrading a Fortigate firewall to a different model can become a pain when you are not sure how to migrate the configuration. Fortinet provides a tool named FortiConverter. Here are some features from its website page: Multi-vendor Support – Conversion from Check Point, Cisco, Juniper, Alcatel-Lucent, Palo Alto Networks, and SonicWall. A single tool converts configurations from all supported vendors. FortiGate to FortiGate – Can migrate configurations between FortiGate devices to minimize the risk associated with network upgrades. Facilitates migration to…

Fortigate 60D High Availability Configuration Steps

Fortigate 60D has been used to do HA examples in this post. The back of Fortigate 60D: The configuration steps for Fortigate High Availability are the easiest compared with other firewall vendors. The Fortigate cookbook “High Availability with two FortiGates” presents enough detailed steps for most situations. This post records the steps I just recently did. Topology: WAN1 is connected to the External switch, which is then connected to the Internet. LAN port 1 is connected to the Internal switch. Both DMZ and WAN2…

Basic Fortinet Firewall Fortigate CLI Commands (Tips and Tricks)

1.
FGT30D # config system interface
FGT30D (interface) # show
config system interface
    edit "wan"
        set ip 10.99.142.1 255.255.255.0
        set allowaccess ping https ssh snmp http fgfm
        set type physical
        set snmp-index 2
    next
.....
    edit "lan"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set type physical
        set snmp-index 1
    next
end

2. Change System Hostname
FGT30D # config system global
FGT30D (global) # set hostname FGT30D
FGT30D (global) # end

3. Configure System DHCP Server on Interface “lan”:
FGT30D…

Fortigate Firewall Console TFTP Image Recovery

Recently I had an experience installing firmware from a local TFTP server under console control to reset a FortiGate unit to factory default settings. It was caused by a failed firmware upgrade. The system died after reboot. The power light was green, but not the other interfaces. I recorded all the steps in this post. 1. Physical Connections I was using a Fortigate 30D to do this firmware TFTP installation. There are four different types of interfaces on the back of the Fortigate 30D. Here…

Fortigate File System Check Recommendation After Logged in Web UI

Fortigate firewall 60D has been used in our environment because of performance and cost. It is small, powerful, feature-rich and also cost effective. Usually the 60D is reliable and sits quietly in the corner of the server room. Today during a regular check, a File System Check Recommended message popped up when I logged into the Web Interface. It prompted a file system check recommended window as shown below: It seems Power Failure Detected during last power outage. Obviously Firewall itself is still running…

Set Up IPSec Site to Site VPN Between Fortigate 60D (4) – SSL VPN

IPSec Site to Site VPN Configuration Series: Set Up IPSec Site to Site VPN Between Fortigate 60D (1) – Route-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (2) – Policy-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (3) – Concentrator and Troubleshooting Set Up IPSec Site to Site VPN Between Fortigate 60D (4) – SSL VPN SSL VPNs establish connectivity using SSL, which functions at Levels 4 – 5 (Transport and Session…

Set Up IPSec Site to Site VPN Between Fortigate 60D (3) – Concentrator and Troubleshooting

IPSec Site to Site VPN Configuration Series: Set Up IPSec Site to Site VPN Between Fortigate 60D (1) – Route-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (2) – Policy-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (3) – Concentrator and Troubleshooting Set Up IPSec Site to Site VPN Between Fortigate 60D (4) – SSL VPN After testing policy-based and route-based IPSec VPN, this post will do a quick test…

Set Up IPSec Site to Site VPN Between Fortigate 60D (2) – Policy-Based VPNs

IPSec Site to Site VPN Configuration Series: Set Up IPSec Site to Site VPN Between Fortigate 60D (1) – Route-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (2) – Policy-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (3) – Concentrator and Troubleshooting Set Up IPSec Site to Site VPN Between Fortigate 60D (4) – SSL VPN This is the second post for Fortigate IPSec VPN configuration. It will use the same topology as…

Set Up IPSec Site to Site VPN Between Fortigate 60D (1) – Route-Based VPNs

IPSec Site to Site VPN Configuration Series: Set Up IPSec Site to Site VPN Between Fortigate 60D (1) – Route-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (2) – Policy-Based VPNs Set Up IPSec Site to Site VPN Between Fortigate 60D (3) – Concentrator and Troubleshooting Set Up IPSec Site to Site VPN Between Fortigate 60D (4) – SSL VPN Fortigate firewall supports two types of site-to-site IPSec vpn based on FortiOS Handbook 5.2,  policy-based or…