How-to: Factory reset a FortiGate

We get dozens of FortiGates back from evaluations and the standard way of factory reseting the configuration is by running the command execute factoryreset.

This will reset the full configuration back to factory default.

The problem is that it does nothing to the flash, and sometimes clients make revision configuration saves to the flash.

How-to: Route all internet traffic through one link and all VPN traffic through another on a FortiGate

Recently one of our customers configured a FG60D with two ADSL WAN links (both on the same provider, going to the same default gateway). They wanted all internet traffic to go out through WAN1 and all RDP and VPN traffic to go out through WAN2.

The problem was when they created the policy based route (PBR) for all outbound internet via WAN1, it also sent the traffic destined for the VPN through the same interface and thus failed.

Q&A: Do FortiFones come with power supplies?

Today I had a customer ask if the FortiFone 560i comes with a power adapter since there's no mention of it on the price-list. There is also no mention of a power adapter being supplied in the 'Quick Start Guide' either.

To clarrify, all x60i phones (260i, 360i, 460i, 560i) come with a power supply included in the box.

They all support PoE except for the 260i which can only run on the power supply.

How-to: Create an interface usage report on a FortiAnalyzer

This quick how-to guide will go through creating a chart/report on a FortiAnalyzer to show the upload, download and total data transfers for interfaces on a FortiGate.

This config is done a FortiAnalyzer running 5.0.5.

***Updated with new CASE selector***

How-to: Automate FortiGate configuration backups

The FortiGates don't have any backup automation abilities out of the box. Generally you'd use a FortiManager for the config, backup and control of multiple FortiGates.

I've recently setup a lab with several FortiGates for testing and wanted a simple way of backing up the configs every day so I could always revert back to a previous day quickly.

You could just backup the config before making changes, but I wanted to automate this process. Below is a quick and dirty script to automate the config backup.

A few notes to begin with; this script requires a read only user to be created on each FortiGate that have the same password. These passwords are stored in the script itself; so while it never gets transmitted in cleartext over the link, be aware that it is stored in the file. Since this is a lab and it's a readonly account I'm not too fussed. Another thing to note is that the strict host check for the SSH keys has been disabled (so you don't get a confirmation request for new IP addresses). There is a more secure way to do this without using passwords but ssh keys which I may create a blog on at a latter date.

The only dependency is that the script requires sshpass to be installed.

My guide goes through setting this all up on a Debian based Linux system (like Mint or Ubuntu). It should be fine to work on other distributions with few command changes.

How-to: Connect X-Lite to a FortiVoice System

X-Lite is a free SIP softphone by CounterPoint that I use for testing SIP extensions on VOIP systems. The below steps detail how you would configure a FortiVoice (formerly TalkSwitch) as well as X-Lite.

How-to: Configure DHCP Custom Options on a FortiGate

FortiGates allow you to configure upto six custom DHCP options beyond the standard default gateway, DNS, NTP and domain options.

We'll go through the steps to configure a DHCP server from scratch and configure the most commonly used options as well as a few custom ones.

Unable to see any applications in 'Top Applications' on a FortiGate

Recently upon upgrading to 5.0.5 I've noticed that none of the applications are showing up correctly in the 'Top Applications' dashboard. Instead they are all showing up as 'Unknown'.

We'll go through the quick steps to re-enable Application logging so that this dashboard shows us the correct applications.

How-to: Send email alerts from a FortiGate

Sending alert emails is a useful way of keeping track of security events within your firewall without having to log into it several times a day.

With FortiOS version 5, the Alert E-Mail option has been removed from the GUI by default unless a messaging server has been configured.

How-to: Enable UTM Monitor on a FortiGate running FortiOS 5

Another feature that's been disabled by default on FortiOS 5 is the UTM Monitors. These are great monitors that quickly show you a snapshot of your AntiVirus, WebFiltering, IPS, Application Control, Email and Dataleak Prevention profiles. We'll go through how-to quickly re-enable these monitors below.