Recently, we encountered significant CPU and memory utilization spikes on one of our Fortigate Firewalls. Despite consistently handling around 1.5 million sessions for several months without any problems, the situation took a turn for the worse. The firewall became unresponsive through the Command Line Interface (CLI), and at that time, we hadn't configured a dedicated …
Fortigate DOS Protection
It is a good idea to do basic DoS protection, even internally.
Configuring DoS policy / Verification: diagnose ips anomaly list / Releasing the blocked senders: diagnose ips anomaly clear / Links
Configuring DoS policy
This will configure a basic DoS policy for traffic with default values and block violations for 2 minutes.
config firewall DoS-policy
edit 1
set name "ALL DoS-Policy"
set …
Fortigate – IPSec Troubleshooting – VPN Analyse
Force VPN Tunnels to the CPU
First you need to force the encrypted traffic over the CPU.
Take packet captures from the GUI
It is somewhat counter-intuitive, but we need to make sure that the IPsec session is not offloaded into hardware. This is basically the opposite of what is described in Ensuring IPSec traffic is offloaded for …
Fortigate – get router info routing-table all
get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF …
BGP – Multihoming
BGP Prevent becoming a Transit AS / No-Export Community / Cisco: cisco01 (config, show ip bgp summary, show ip route, show ip bgp), cisco02 (config, show ip bgp summary, show ip route) / EdgeRouter-X: edge01 (config, show ip route), edge02 (config, show ip route) / FortiGate: config, get router info routing-table details / Tests / Links
BGP Prevent becoming a Transit AS
The solution at hand is a filter-list with an AS-PATH access-list on the provider BGP session to let only local …
