Clik here to view.
IPsec Site-to-Site VPN FortiGate FRITZ!Box
Hier kommt ein kurzer Guide wie man ein Site-to-Site VPN zwischen einer FortiGate Firewall und einer AVM FRITZ!Box aufbaut. Anhand von Screenshots zeige ich die Einrichtung der FortiGate, während ich...
View ArticleClik here to view.
Policy Routing on a FortiGate Firewall
This is a small example on how to configure policy routes (also known as policy-based forwarding or policy-based routing) on a Fortinet firewall, which is really simple at all. Only one single...
View ArticleClik here to view.
OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga
Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab...
View ArticleClik here to view.
FortiGate 2-Factor Authentication via SMS
Two-factor authentication is quite common these days. That’s good. Many service providers offer a second authentication before entering their systems. Beside hardware tokens or code generator apps, the...
View ArticleClik here to view.
Basic IPv6 Configuration on a FortiGate Firewall
It’s really great that the FortiGate firewalls have a DHCPv6 server implemented. With this mandatory service, IPv6-only networks can be deployed directly behind a FortiGate because the stateless DHCPv6...
View ArticleClik here to view.
CLI Commands for Troubleshooting FortiGate Firewalls
This blog post is a list of common troubleshooting commands I am using on the FortiGate CLI. It is not complete nor very detailled, but provides the basic commands for troubleshooting network related...
View ArticleClik here to view.
MRTG/Routers2: Template FortiGate
A few weeks ago I constructed an MRTG/Routers2 template for the Fortinet FortiGate firewalls. I am using it for monitoring the FortiGate from my MRTG/Routers2 server. With the basic MRTG tool...
View ArticleClik here to view.
FortiGate: Software-/ Hardware-/ VLAN-Switch
I am still a bit confused about the different switch types a FortiGate firewall is able to handle. While there are a lot of information on the Internet about the “internal-switch-mode” of...
View ArticleClik here to view.
FortiGate HA Cluster
This is a step-by-step tutorial for configuring a high availability cluster (active-standby) with two FortiGate firewalls. Since almost all firewall vendors have different principles for their HA...
View ArticleClik here to view.
FortiGate VPN Speedtests
Triggered by a customer who had problems getting enough speed through an IPsec site-to-site VPN tunnel between FortiGate firewalls I decided to test different encryption/hashing algorithms to verify...
View ArticleClik here to view.
FortiGate IPv4 vs. IPv6 Performance Speedtests
I was interested in the performance of my FortiGate firewall when comparing IPv4 and IPv6 traffic. Therefore I built a small lab consisting a FortiWiFi 90D firewall and two Linux clients running Iperf....
View ArticleClik here to view.
FortiGate Virtual IPs with Interface “Any”
On the FortiGate firewall, address objects and virtual IPs (VIPs) can be set up with an interface. For address objects this has no technical relevance – the address objects simply only appear on...
View ArticleClik here to view.
FortiGate Virtual IPs without Reference
Migrating from Juniper ScreenOS firewalls to FortiGates, there are some differences to note with static NATs, i.e., Mapped IPs (MIPs) on a Netscreen and Virtual IPs (VIPs) on a FortiGate. While the...
View ArticleClik here to view.
Fortinet Feature Requests
I really like the FortiGate firewalls. They are easy to manage and have lots of functionality. However, I am also aware of some other firewall products and therefore have some feature requests to...
View ArticleClik here to view.
FortiGate Application Traffic Shaping
This is a really cool and easy to use feature of the FortiGate firewall: the traffic shaper. Once an application category uses too much traffic, the bandwidth consumption can be decreased with it. Just...
View ArticleClik here to view.
CPU Usage Increase FortiGate 100D -> 90D
A few weeks ago I swapped a FortiGate 100D firewall to a 90D firewall. The 100D was defective and needed to be replaced. Since the customer only has a 20 Mbps ISP connection, I thought that a FortiGate...
View ArticleClik here to view.
Basic IPv6 Configuration on a FortiGate Firewall
It’s really great that the FortiGate firewalls have a DHCPv6 server implemented. With this mandatory service, IPv6-only networks can be deployed directly behind a FortiGate because the stateless DHCPv6...
View ArticleClik here to view.
CLI Commands for Troubleshooting FortiGate Firewalls
This blog post is a list of common troubleshooting commands I am using on the FortiGate CLI. It is not complete nor very detailled, but provides the basic commands for troubleshooting network related...
View ArticleClik here to view.
Palo vs. Forti: Blog Stats
I want to talk about a fun fact concerning my blog statistics: Since a few years I have some “CLI troubleshooting commands” posts on my blog – one for the Palo Alto Networks firewall and another for...
View ArticleClik here to view.
IPv6 IPsec VPN Tunnel Palo Alto FortiGate
Towards the global IPv6-only strategy ;) VPN tunnels will be used over IPv6, too. I configured a static IPsec site-to-site VPN between a Palo Alto Networks and a Fortinet FortiGate firewall via IPv6...
View Article