Posts published in “Fortigate”

Configure Fortigate DDNS with free DDNS service noip.net

Using a Dynamic Domain Name Service (DDNS) means that users can reach your network by means of a domain name that remains constant even when its IP address changes. FortiOS has supported this feature in Network - DNS settings - FortiGuard DDNS service, which sounds great. Unfortunately, it does not work well in my home lab environment. My FortiGate is behind an ISP modem and the WAN port is using the private IP address 192.168.20.2.

1. FortiGuard DDNS service
When using the basic FortiGuard DDNS settings without enabling "Public IP Address", my WAN IP (192.168.20.2) got updated with my defined subdomain 51sec.fortiddns.com on the Internet. On this configuration page, you also get a warning message: "the interface has a private ip address (192.168.20.2) which may not be publicly accessible".

In this example, the domain fortiddns.com is used. This domain is owned by Fortinet, as are the float-zone.com and fortidyndns.com domains.

FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 2

FortiGate firewalls always surprise me with their rich embedded features, prices and performance. FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate products. With this one unified intuitive OS, we can control all the security and networking capabilities across all of your Fortigate products.

I put some useful commands or configurations in the following two posts:

1. Debugging and diagnosing your system

diag debug enable
diag debug console timestamp enable
diag sniffer packet wan 'host 8.8.8.8' 1
diag debug disable
diag debug reset

diag debug cli cmd will show you the "cli commands" for actions that you take from the GUI.

diag debug enable
diag debug cli 8 

FortiOS Configuration for FortiGate Firewalls (Tips and Tricks) 1

FortiGate firewalls always surprise me with their rich embedded features, prices and performance. FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate products. With this one unified intuitive OS, we can control all the security and networking capabilities across all of your Fortigate products.

I put some useful commands or configurations in the following two posts:

1. FGT30D # config system interface 

FGT30D (interface) # show
config system interface
    edit "wan"
        set ip 10.99.142.1 255.255.255.0
        set allowaccess ping https ssh snmp http fgfm
        set type physical
        set snmp-index 2
    next
.....
    edit "lan"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set type physical
        set snmp-index 1
    next
end

FWF60D # show | grep interface
config system switch-interface
config system interface
        set alias "SSL VPN interface"
        set monitor-interface "wan1"
        set interface "lan"
        set associated-interface "ssl.root"
        set associated-interface "lan"
        set associated-interface "lan"

FWF60D # show | grep -f DMZ2
config system interface
    edit "wan2"
        set vdom "root"
        set ip 172.17.3.1 255.255.255.0
        set allowaccess ping https http fgfm
        set type physical
        set alias "DMZ2" <---
        set role dmz
        set snmp-index 3
    next
end

FortiOS 5.4.1 IPSec Phase 2 for AutoConf-enabled Phase1 Issue

The Fortigate 60D and 100D have been used to build an IPSec tunnel between two sites since last year. The firmware version is 5.2.4 build 668. I was planning to upgrade the Fortigate 100D to 5.4.1. The upgrade process was smooth but the IPSec tunnel got broken after the upgrade. Fortigate60D IPSec Tunnel Configuration: Fortigate100D IPSec Tunnel Configuration: Unfortunately, the tunnel between 60D and 100D failed to build after the upgrade process rebooted the 100D. Based on following troubleshooting commands on…

Fortigate Firewall Configuration Migrate to Different Device

Upgrading a Fortigate firewall to a different model can become a pain when you are not sure how to migrate the configuration. Fortinet provides a tool named FortiConverter. Here are some features from its website page: Multi-vendor Support – Conversion from Check Point, Cisco, Juniper, Alcatel-Lucent, Palo Alto Networks, and SonicWall. A single tool converts configurations from all supported vendors. FortiGate to FortiGate – Can migrate configurations between FortiGate devices to minimize the risk associated with…

Fortigate 60D High Availability Configuration Steps

A Fortigate 60D has been used for the HA examples in this post. The back of Fortigate 60D: The configuration steps for Fortigate High Availability are the easiest compared with other firewall vendors. The Fortigate cookbook “High Availability with two FortiGates” presents enough detailed steps for most situations. This post records the steps I just recently did. Topology: WAN1 is connecting to the external switch, then connected to the Internet. LAN port 1 is connecting to Internal…