FortiGate Web Filtering Setup and Deployment
FortiGate Web Filtering KB ID 0001787 Problem In all honesty, enabling Web Filtering on your FortiGate really could not be simpler, you can simply enable it on your default users outbound policy, and select one of the three ‘pre-canned’ profiles, job done! But most companies not only want to filter their web traffic they want to see who is getting blocked, and what are users trying to get access to. Most businesses now...
FSSO FortiGate Single Sign On
FSSO KB ID 0001786 If you are applying polices with your FortiGate, e.g. Web Filtering or IPS, then the ability to track actual users rather than IP addresses is advantageous, it’s all very well blocking access to adult material or gambling sites, from the corporate network, but most companies want to know WHO is attempting to connect to what and when. To do that the firewall needs to learn what users are where, we can make...
FortiGate IPS (IDS)
KB ID 0001783 Problem If you want to employ the IPS service of a FortiGate firewall then you need a license for that privilege. At the time of writing you can get IPS as part of the following subscription licenses; Enterprise Protection SMB Protection (Only on firewalls SMALLER than 100F) Unified Threat Protection (UTP) Advanced Threat Protection (ATP) But Forti love to change the names of things, so double check with your vendor....
FortiCare Versions Essentials, Premium, or Elite?
KB ID 0001782 FortiCare Versions With the release of the Q2 2022 FortiNet price list, they have decided to split FortiCare up into three different versions FortiCare Essentials: Is the base-level service, and it is targeted toward devices that require a limited amount of support. This service is only offered to FortiGate models 8x and below and to low-end FortiWifi devices. Support includes web only tickets & chat, with next day...
Fortigate Hairpin NAT
KB ID 0001781 Problem Imagine the following scenario, you have a PUBLIC web server and it’s either in the same network your uses are or attached to a DMZ on your FortiGate. So above our users open a web browser and attempts to go to www.ubique.com (1) Their PC will do a DNS lookup for www.ubique.com and (in this case) a public web server returns an ip of 192.168.100.200 (2). The browser then attempts to HAIRPIN to that IP which...
Cisco to FortiGate Command Conversion
KB ID 0001776 Problem Bah what the hell is ‘show run’? If you’ve spent years on Cisco IOS and ASA/Firepower, then FortiGate can be a little confusing. Hopefully this Cisco to FortiGate list below will make it a little easier. Cisco to Fortigate Translation Cisco Command FortiGate Command Basic commands show run show full-config show version get system status show ip interface brief show system interface show run...