Hello,

I have a list of websites that i often search to find solutions or news about Fortinet.
Below is the link list, with some description:

1. www.ipspace.eu -> Yea, i often use this if i forget some troubleshooting commands
2. kb.fortinet.com -> A lot of good articles related to Fortigate problems
3. docs.fortinet.com -> A list with all the FREE books Fortinet provides for its different appliances
4. emea.fortinet.net/fortinet/troubleShooting.php -> used for Hardware Troubleshooting
5. url.fortinet.net/rate/submit.php -> If you found an URL that is put in a wrong category, here you can request a fix
6. campus.training.fortinet.com -> here you can find a lot of useful and FREE Fortigate webinars

That is it.

Hope you enjoy them.

Hello,

It this post i will talk about the AntiVirus feature of Fortigate. Since the firewall from Fortinet has a lot of features it is normal that AntiVirus is one of them.

The processing of the Antivirus application goes as following:

1. File Filter -first it checks if any files match a file filter defined by you. Ex: block any “.exe” files

2. Virus Scan – it then scans the file for known viruses

Fortigate Tutorial 4 – Authentication

The Fortigate aplience support different types of authentication.

Let’s discuss them here:

1. LDAP

Fortigate support all servers that are LDAP compliant. It supports up to LDAPv3

Also LDAP over SSL/TLS is supported. One downside of using LDAP is that the Fortinet firewall does not  supply any information on why the user authentication failed. For the reason you must check the Server itself.

2. Local Users

You can define local users on the Fortigate itself, by defining a user name and a password for the user.

3. RADIUS

Radius is also supported on the Fortigate. For this you just define a RADIUS server and define the shared key between the RADIUS server and the FG.

All of us have problems sometimes with DHCP, especially if we use the Fortigate it as a DHCP relay server.

The following commands are used to best troubleshoot the DHCP process:

#diag debug en
#diag debug console timestamp en

The following is used if we use IPSec DHCP relay

#diag debug app dhcprelay 7

The following is used if we are using IPsec DHCP Server

#diag debug app dhcps 7

Here is the 2nd Tutorial that i created, hope you enjoy this one too.

Logging and Alerts 

Fortigate can store its logs in the following:

1. Local HDD – this option can be enabled from the CLI

2. FortiAnalyzer – this is my favorite. It is a device to which Fortigate sends all the logs and then you can create pretty reports.

This option can be enabled by providing the IP of the FortiAnalyzer(FA) or by using “Automatic Discovery”, but for the automatic discovery you will need to have the FA in the same subnet as the Fortigate.

Fortigate AntiVirus and AntiSpam

As we all know Fortigate provides a lot a features for only one device.

Let’s see how some of them work:

I. AntiVirus 

This tool scans the traffic and applies the following rules:

1. File size – if a file is large that what you define, then this gets dropped

2. File pattern – if a file matches a pattern, it get dropped

3. Virus scan – it scans a file for virus, if it gets a positive then it gets dropped

4. Grayware – scans for grayware programs

5. Heuristic – scans with an heuristic algorithm

6. File type – you can define some types that gets dropped

II. AntiSpam

Hello,

This is my first post regarding troubleshooting Fortigate devices.

To troubleshoot the Fortigate VPN configuration we will use the following commands:

#diag debug enable
#diag debug console timestamp en #this command shows the time-stamp
#diag debug app ike -1  <- used for v4.0MR1 #diag vpn ike log-filter dst-addr4 <-used from v4.0MR2 to the latest version #diag debug app ike -1

<IP_PEER&gt <- is the ip of the remote peer.

To disable the VPN logging we can use:

#diag debug disable
#diag debug console timestamp dis
#diag debug app ike 0
 

The following commands show the active VPN tunnels:

#diag vpn tunnel list
#diag vpn gw list