Browsing All Posts filed under »Fortigate«

Play with Fortigate on your own ground!

June 30, 2012

This is the 3rd firewall I have tried at home on my laptop, which is required for my work. Cisco ASA works in GNS3 (http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/). Checkpoint Firewall works in VirtualBox too, which is a great advantage for me as it is free and really easy to use. And now the Fortigate can work in a test environment […]

CRC Error on Fortigate

June 30, 2012

Sometimes Fortigate devices have a problem and do not want to boot anymore (in my experience, 2 out of about 50 boxes). Sometimes we have to buy a new one, but in the case I mention here we should not. The "CRC error" message is a problem that we can solve ourselves. Official link for RIM: […]

WAN optimization with Fortigate

June 20, 2012

Actually, this is a feature that I have never seen in Cisco ASA or in Checkpoint Firewall. After reading the original documentation for it, I realised that it can do much more than I ever expected! :-) The post contains useful notes from the original doc and my summary for the FCNSP […]

IPS on Fortigate

June 19, 2012

In this post I will demonstrate for myself how to create a custom signature and how to modify an IPS sensor. 1. Custom signature configuration. The configuration of the IPS happens in the following order: 1. Define a signature. 2. Define your IPS sensor. 3. Add the IPS sensor to the firewall policy. Used Version: v4.0,build0521,120313 […]

LDAP Authentication on Fortigate

June 19, 2012

On Fortigate we can use an LDAP server for user authentication. What I miss here are 2 of the important things in what Cisco calls AAA: - Authentication - Authorization –> missing - Accounting –> missing. – Fortigate supports LDAP, RADIUS, TACACS; with LDAP it can only authenticate users, authorization is only possible with TACACS. – With Fortigate we cannot define […]

RA VPN Configuration on Fortigate

June 19, 2012

Remote Access VPN with Fortigate client configuration. Used Version: v4.0,build0521,120313 (MR3 Patch 6) 1. Add user. This example uses a simple local user, but as we can see from the list of remote authentication servers, the Fortigate has a lot of possibilities. myfirewall (root) # sh user adgrp FSSO groups ban configure banned IP addresses […]

RPF – AKA Antispoofing on Fortigate

June 19, 2012

With the RPF function, the firewall checks that a packet arrives on the correct interface and is not trying to spoof its source address. For example, a packet that arrives on the DMZ interface of the firewall but has a source IP from the internal network is spoofed. The firewall […]