The Fortigate Firewall has more diagnostic tools, but you will mostly be faced with the following problems:

1. Conserve Mode

This problem happens when the memory shared mode goes over 80%.
To exit this conserve mode you have to wait (or kill some  of the processes) until the memory goes under 70%.

2. Antivirus FailOpen

This is a safeguard feature that determines the behavior of the Fortigate AntiVirus System, when it becomes overloaded with high traffic.

To mitigate this you have more type of options:

#set av-failopen { off | on-shot | pass | idledrop}

Below we will describe what all of them do:

a. Off – if the FG enters conserve mode, the Fortigate will stop accepting new AV sessions, but will continue to process currently active sessions

I thought it would be useful to list all my posts that are related to the Fortinet exam called FCNSA.

Here are my FCNSA Notes:

1. Fortigate Default Settings

2. Fortigate Default Protection Profiles

3. Fortigate Logging and Alerts 

4. Fortigate Antivirus and Antispam 

5. Fortigate service – Fortiguard 

6. Fortigate Authentication

7. Fortigate Antivirus

8. Fortigate Web Filtering 

Hope this helps you guys as it helped me passing my FCNSA exam.

Fortigate VDOMs

What are Fortigate VDOMs(Virtual Domains)?

Well Fortigate VDOMs are like ASAs contexts, you are able to separate the firewall so it looks like you have 2, with different management and user groups. With ASA you lose some features when you enabled contexts, but in the Fortinets’ Firewall you do not lose any features.(Isn’t that just great?!)

VDOMs features:

1. Have separate routing and firewall services

2. Each physical interface belongs to only one Virtual Domains

3. By Default for the VDOMs to communicate you need an external source(Internet) to allow the communications

4. By Default 10 VDOMs are supported (in NAT or Transparent Modes)

5. The Configuration file of the Fortigate, holds all VDOM configuration. EX: AntiVirus, IPS and System Time

I. VDOM Configuration Features:

Fortigate Tutorial – Web Filtering

Fortigate processes Web Filtering options in the following order:

1. URL Filtering

2. Fortiguard Web Filtering

3. Content Exempt

4. Content Block

5. Script Filter

6. Antivirus

Let’s talk a little about all of them:

1. URL Filtering – you define what URLs the Fortigate can block

2. Fortiguard Web Filtering – based on the categories you choose, the Fortigate will block the pages

3. Web Content block

This option blocks specific words or patterns. You can use Perl regular expressions and the based on scores you can block those

4. Web Content Exemption – allows the administrator to override the web content block feature.

Fortigate Tutorial – Spam Filtering

Fortiguard uses the industry standard definition of spam as Unsolicite Bulk Email.

Here are the Spam Filtering Methods implemented by Fortinet to its appliances:

1. IP Address Check

2. URL Check

3. Email Checksum Check

4. Spam Submission

5. Block/White List

6. HELO DNS Lookup

7. Return E-mail DNS check

8. Banned Words

9. MIME check

10. DNS Blackhole List (DNSBL) and Open Relay Database List (ORDBL)

II. Fortiguar AntiSpam

Global Filters

1. FortiIP Sender IP Reputation Database (based on the reputation of the IP)

Hello,

I just created a Twitter Account. You can find me here.

Follow me for great Networking and Security News.

How many of you broke your MBR while trying to add another Operating System. You are in luck, to fix it you do not need more than 5 minutes.
Here are the steps to do it:
1. Select from BIOS the Cd-ROM/DVD-ROM as your first boot device.
2. Save options and exit
3. Put the bootable Windows 7/XP/Vista in your CD-ROM and press any key when you see the prompt “Press any key to boot from CDROM”
4. You will get prompted with a blue screen. Press “R” for repair
5. Select the Windows you have installed(7, XP, Vista) and then enter your Administrator password.
6. You will see a DOS/CMD prompt. Just type in “FIXMBR”.
7. After the MBR is fixed typed in “EXIT” for the system to restart.

That is all! The MBR should be fixed now.

Good luck!

Hello,

I have found a great video that i find really interesting.

Hope you enjoy  it:

Hello,

Whenever i have the change i read the following Magazine that i highly recommend.

Here is the download link: Insecure Magazine 

Hope you enjoy it!

Fortigate Tips and Tricks

This article presents some useful commands/tricks that you can do to your Fortigate.

Debug Addresses:
Many times it happens that we have a lot of firewall policies for one address defined in our address Pool.
Let’s take an example:
We have “WWW_Server” defined with the IP of 172.18.1.10. To see what policies are using this Address we can use the following:

#diag sys checkused firewall.address:name ‘WWW_Server’
[singlepic id=8 w=320 h=240 float=]