Thursday 31 October 2013

How-to: Enable UTM Monitor on a FortiGate running FortiOS 5

Another feature that's been disabled by default on FortiOS 5 is the UTM Monitors. These are great monitors that quickly show you a snapshot of your AntiVirus, Web Filtering, IPS, Application Control, Email Filter and Data Leak Prevention profiles. We'll go through how to quickly re-enable these monitors below.

How-to: Enable disk logging on a FortiGate running FortiOS 5

By default, disk logging is disabled on FortiOS v5.0. One of the reasons this was done is that the flash memory on some devices is not designed for constant reads and writes, so saving logs to it can wear the flash out (resulting in corrupted sectors). Having said that, we've got a few FortiGates that have been logging to disk for a few years now with no problems.
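As an added example (not from the original post), the CLI equivalent of turning disk logging back on. It assumes the unit actually has a log disk; on models that only have flash, keep the caveat above in mind and consider logging to a FortiAnalyzer or syslog server instead:

```fortios
config log disk setting
    set status enable
end
```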

Tuesday 22 October 2013

How-to: Re-image a FortiGate device

Sometimes you will need to re-image a FortiGate device if you suspect that the firmware image is corrupt, or if you get CRC errors on boot. All you need is a computer with a network card, a console cable, a TFTP server program and a network cable.

Tuesday 15 October 2013

How-to: Get DropBox working on a FortiGate with SSL Deep Packet Inspection enabled

SSL Deep Packet Inspection (DPI) allows the FortiGate to decrypt and scan all HTTPS, SMTPS, POP3S, IMAPS and FTPS sessions. It then re-encrypts the traffic and sends the packets off on their merry way (essentially a man-in-the-middle attack, performed by the firewall with its own CA certificate).

I've recently enabled it in my lab and noticed that my DropBox client kept disconnecting. I suspect it's something to do with the FortiGate's certificate not being trusted by the DropBox client, which would give an error.


The way I got around this is to enable the web site filter and exempt the dropbox.com domain from the web filter (and DPI).

To set this up go to Security Profiles > Web Filter > Profiles and edit the web filter profile used in your web policy.

Next enable "Web Site Filter" and add the dropbox.com domain (type: simple, action: exempt, status: enabled). Click 'Apply' to save.


Now try to log back into DropBox and you should see the status come up as connected. Note that an exempt entry bypasses all further inspection for that URL, not just SSL DPI, so keep the list of exempted domains as short as possible.
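The same exemption done from the CLI, as an added example rather than the original post's own steps. It assumes the web filter profile attached to your policy is called "default" and that URL filter table ID 1 is free; adjust both to match your unit:

```fortios
# Create a URL filter table with a single entry that exempts dropbox.com
config webfilter urlfilter
    edit 1
        set name "dropbox-exempt"
        config entries
            edit 1
                set url "dropbox.com"
                set type simple
                set action exempt
                set status enable
            next
        end
    next
end

# Attach the URL filter table to the web filter profile used by the policy
config webfilter profile
    edit "default"
        config web
            set urlfilter-table 1
        end
    next
end
```

A "simple" entry matches the domain and its subdomains, which is what the DropBox client needs. If you would rather keep AV scanning on that traffic and only skip the SSL interception, a newer FortiOS release lets you exempt sites in the SSL inspection profile instead; on 5.0 the web filter exemption is the practical route.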

Monday 14 October 2013

How-to: Block anonymous FTP uploads on a FortiGate

Recently I've had a customer ask how they can block FTP PUTs on their FTP server for all anonymous (unauthenticated) users, but allow FTP GETs for any user (i.e. only let authenticated users upload files, but let anyone download them).

They already control this access via the FTP server's account credentials, but wanted to see if the FortiGate could add another layer of protection (in case their FTP server got hacked).

This was accomplished by creating some custom IPS signatures.

Wednesday 9 October 2013

Q&A: How many FortiManager licenses do you require for a FortiGate in a HA pair?

A: You'll only need to license for one device, including any VDOMs.

For example, we have 2x FG1000Cs with 100 VDOMs in a HA pair.

The FortiManager will only need to be licensed for 100 devices, as the HA pair counts as one device.