FortiGate Certificate Import Errors
Jun 27


FortiGate Certificate. KB ID 0001791. Problem: A colleague messaged me last week because he could not import a certificate on a FortiGate (that had been exported from a Cisco ASA). He was seeing this error: "Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert." FortiGate Certificate Problems: A brief Google led me to ask “Is the FortiGate licensed or on a Free/Trial license?” As that can produce this error...

FSSO FortiGate Single Sign On
May 16


FSSO. KB ID 0001786. If you are applying policies with your FortiGate, e.g. Web Filtering or IPS, then the ability to track actual users rather than IP addresses is advantageous. It’s all very well blocking access to adult material or gambling sites from the corporate network, but most companies want to know WHO is attempting to connect to what and when. To do that the firewall needs to learn what users are where, we can make...

FortiGate IPS (IDS)
May 05


KB ID 0001783. Problem: If you want to employ the IPS service of a FortiGate firewall then you need a license for that privilege. At the time of writing you can get IPS as part of the following subscription licenses: Enterprise Protection; SMB Protection (Only on firewalls SMALLER than 100F); Unified Threat Protection (UTP); Advanced Threat Protection (ATP). But Forti love to change the names of things, so double check with your vendor....

Fortigate Hairpin NAT
May 02


KB ID 0001781. Problem: Imagine the following scenario: you have a PUBLIC web server and it’s either in the same network your users are, or attached to a DMZ on your FortiGate. So above our users open a web browser and attempt to go to www.ubique.com (1). Their PC will do a DNS lookup for www.ubique.com and (in this case) a public web server returns an IP of 192.168.100.200 (2). The browser then attempts to HAIRPIN to that IP which...

FortiGate Sub Interfaces (VLAN Trunking)
Jan 25


KB ID 0001772. Problem: I was asked by a colleague at work the other day, "Can we replace the Cisco firewalls with FortiGate firewalls for a client?" As a business we are heading towards Forti, but before I said yes I wanted to know what the firewall was actually doing. On closer inspection the firewall in question didn’t appear to be doing anything too scary, but I did notice that the LAN interface was...
