Category: Fortinet

Posted on

Fortinet L2 VDOM and VLANs

FGT (interface) # edit port37.vlan100new entry 'port37.vlan100' addedFGT (vlan100) # set vdom L2-testFGT (vlan100) # set interface port37FGT (vlan100) # set vlanid 100FGT (vlan100) # set forward-domain 100FGT (vlan100) # nextFGT (interface) # edit aggr1.vlan100new entry 'aggr1.vlan100' addedFGT (vlan200) # set vdom L2-testFGT(vlan200) # set interface aggr1FGT (vlan200) # set vlanid 100FGT (vlan200) # set …

Continue reading "Fortinet L2 VDOM and VLANs"

Posted on

Cisco – QoS

After dealing with CBQoS in the past days, some observations i have made Cisco seams not to fill the SNMP variables on Catalyst 2960C /2960CG / 2960CX platforms. snmp genarator is picky about ordering. You may find this line "- source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]" in the GitHub Issues but this "- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]" seams to …

Continue reading "Cisco – QoS"

Posted on

Fortigate – Policy lookup

Tests is there someone listening netstat -an | findstr 0.0.0.0:80 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING UDP 0.0.0.0:80 *:* Powershell port test Test-NetConnection -ComputerName "10.55.113.101" -Port 80 -InformationLevel "Detailed" Lookup soure interface get router info routing-table details 10.255.2.250 Lookup the policy diagnose firewall iprope lookup 10.255.2.250 30000 10.137.2.104 80 tcp port1 matches policy id: 1039431 The policy …

Continue reading "Fortigate – Policy lookup"

Posted on

Fortigate – Fortimanager install issues and backward compatiblity

We utilize FortiManager's Provision CLI Templates to establish common configurations on our Firewalls This approach is practical to ensure that these settings are consistently applied during every firewall installation. However, we encounter from time to time the issue with FortiManager, that the CLI Templates lack awareness of the Firewall's specific versions. Unfortunately, the FortiGate CLI …

Continue reading "Fortigate – Fortimanager install issues and backward compatiblity"

Posted on

Fortinet – Customize replacement messages for individual web filter profiles

# config system settings set gui-replacement-message-groups enable end config system replacemsg-group edit "wf-incomming" set comment '' set group-type utm config http edit "urlfilter-err" set buffer "<!DOCTYPE html><html> <head> <meta charset=\ "UTF-8\"> <title> Redirecting to pp52.de </title> <meta http-equiv=\"ref resh\" content=\"0; url=https://pp52.de/\"> </head> <body> </body></html >" set header http set format html next edit "url-block" set …

Continue reading "Fortinet – Customize replacement messages for individual web filter profiles"

Posted on

FortiGate – Viewing FIB/RIB routing information in CLI

"Reminder to self regarding routing information: This document is derived from Fortinet KB Articles and covers topics such as accessing FIB/RIB routing data via the CLI, understanding the routing process in FortiGate (route-lookup-process), handling multiple default routes when SD-WAN rules are not the preferred option, and more." Routing in FortiGate (route-lookup-process) How does FortiGate decide …

Continue reading "FortiGate – Viewing FIB/RIB routing information in CLI"

Posted on

What is my IP? ifconfig.me / ifconfig.io

Short collection of what is my IP Servers. ifconfig.io ifconfig.me ifconfig.co icanhazip.com Usage curl ifconfig.co/port/22 SD-WAN As a personal note route ifconfig.* over the primary connection on the Fortigate firewall and icanhazip.com over the secondary config firewall address edit "ifconfig.co" set type fqdn set fqdn "ifconfig.co" next edit "ifconfig.me" set type fqdn set fqdn "ifconfig.me" …

Continue reading "What is my IP? ifconfig.me / ifconfig.io"

Blog at WordPress.com.