Clik here to view.
FortiGate Out-of-Band Management
In some situations you want to manage your firewall only from a dedicated management network and not through any of the data interfaces. For example, when you’re running an internal data center with no...
View ArticleClik here to view.
Basic MP-BGP Lab: Cisco Router, Palo Alto, Fortinet
While playing around in my lab learning BGP I configured iBGP with Multiprotocol Extensions (exchanging routing information for IPv6 and legacy IP) between two Cisco routers, a Palo Alto Networks...
View ArticleClik here to view.
Trying to change an IPv6 Link-Local Address on a FortiGate
I got an email where someone asked whether I know how to change the link-local IPv6 addresses on a FortiGate similar to any other network/firewall devices. He could not find anything about this on the...
View ArticleClik here to view.
Fortinet FortiGate (not) using NTP Authentication
A security device such as a firewall should rely on NTP authentication to overcome NTP spoofing attacks. Therefore I am using NTP authentication on the FortiGate as well. As always, this so-called...
View ArticleClik here to view.
Using a FortiGate with a 6in4 Tunnel
For some reason, I am currently using a FortiGate on a location that has no native IPv6 support. Uh, I don’t want to talk about that. ;) However, at least the FortiGate firewalls are capable of 6in4...
View ArticleClik here to view.
iperf3 on a FortiGate
This is a really nice feature: you can run iperf3 directly on a FortiGate to speed-test your network connections. It’s basically an iperf3 client. Using some public iperf servers you can test your...
View ArticleClik here to view.
FortiGate bug: firewalls sending excessive requests to the NTP Pool
The NTP Pool is a volunteer organization that provides time synchronization service to hundreds of millions of computers worldwide. A typical client might query a particular NTP Pool server ~10-60...
View ArticleClik here to view.
Route-Based VPN Tunnel FortiGate Cisco ASA
More than 6 years ago (!) I published a tutorial on how to set up an IPsec VPN tunnel between a FortiGate firewall and a Cisco ASA. As time flies by, ASA is now able to terminate route-based VPN...
View ArticleClik here to view.
FortiGate Syslog via TLS
As we have just set up a TLS capable syslog server, let’s configure a Fortinet FortiGate firewall to send syslog messages via an encrypted channel (TLS). Let’s go: I am using a Fortinet FortiGate...
View ArticleClik here to view.
Publishing IPv6 NTP Servers with DHCPv6
During the last weeks, I had an interesting request to publish NTP servers to client systems by using DHCPv6 in an IPv6 only network. Our Fortigate (or me?) had to learn how to publish the information....
View ArticleClik here to view.
Accessing IPv6-only Resources via Legacy IP: NAT46 on a FortiGate
In general, Network Address Translation (NAT) solves some problems but should be avoided wherever possible. It has nothing to do with security and is only a short-term solution on the way to IPv6....
View ArticleClik here to view.
Optimized NAT46 Config on a FortiGate
Johannes published a basic NAT46 configuration for a Fortigate firewall with FortiOS 7.0 some time ago. I run such a service (legacy IPv4 access to IPv6-only resources) since FortiOS 5.6, which means...
View ArticleClik here to view.
How to install Palo Alto’s PAN-OS on a FortiGate
It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for...
View ArticleClik here to view.
DHCPv6 Prefix Delegation on a FortiGate Firewall
I got DHCPv6-PD aka prefix delegation up and running on a FortiGate. Yes! ✅ Configuring it is tricky since it’s not always clear, which options to use. You cannot see everything in the GUI (it even...
View ArticleClik here to view.
Dual-Stack PPPoE on a FortiGate Firewall
You can use a FortiGate to connect to the Internet (that is: Dual-Stack!) directly in various ways. In my current setup, I’m using a PPPoE residential xDLS connection. It’s not that easy to configure...
View Article