FortiClient SSL VPN Error
Jul27

FortiClient SSL VPN Error

VPN Error KB ID 0001795 Problem I have a FortiGate/FortiClient test bench setup for testing, and its to been used for a while. When I attempted to use it this happened; Unable to logon to the server. Your username or password may not be configured properly for this connection. (-12) While messing around trying to fix it I also got this error; Unable to establish the VPN connection. The VPN server may be unreachable. (-14) Disclaimer:...

Read More
FortiGate FSSO AD Groups not Appearing?
Jul26

FortiGate FSSO AD Groups not Appearing?

FSSO KB ID 0001794 Problem While recently needing to add a new AD group to my firewalls FSSO setup, (to be used in a policy.) The new group could not bee seen (it’s called GS-Web-Block-Override). FSSO Force Sync The common fix for this is to create a filter on your FSSO agent server, that will ONLY look of the groups you specify like so. However, in my case that didn’t work either! I spent ages trawling Forti pages and...

Read More
FortiGate Certificate Import Errors
Jun27

FortiGate Certificate Import Errors

FortiGate Certificate KB ID 0001791 Problem A colleague messaged me last week because he could not import a certificate on a FortiGate (that had been exported from a Cisco ASA). He was seeing this error; Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert. FortiGate Certificate Problems A brief Google led me to ask “Is the FortGate licensed or on a Free/Trial license?” As that can produce this error...

Read More
FortiGate TFTP : Backup To & Restore From
May26

FortiGate TFTP : Backup To & Restore From

FortiGate TFTP KB ID 0001788 Problem I know FortiGate prides itself on being able to do everything from the GUI, but if you can only get in at CLI and need to take a backup then you need to go old school. Recently I had an HA Pair of Fortis, the primary had broken and I could not get access to the GUI on the standby. My plan was to get a backup, blow both (virtual Firewalls) away, deploy two new ones, and restore the config. What...

Read More
FortiGate Web Filtering Setup and Deployment
May20

FortiGate Web Filtering Setup and Deployment

FortiGate Web Filtering KB ID 0001787 Problem In all honesty, enabling Web Filtering on your FortiGate really could not be simpler, you can simply enable it on your default users outbound policy, and select one of the three ‘pre-canned’ profiles, job done! But most companies not only want to filter their web traffic they want to see who is getting blocked, and what are users trying to get access to. Most businesses now...

Read More
FSSO FortiGate Single Sign On
May16

FSSO FortiGate Single Sign On

FSSO  KB ID 0001786 If you are applying polices with your FortiGate, e.g. Web Filtering or IPS, then the ability to track actual users rather than IP addresses is advantageous, it’s all very well blocking access to adult material or gambling sites, from the corporate network, but most companies want to know WHO is attempting to connect to what and when.  To do that the firewall needs to learn what users are where, we can make...

Read More