Channel: TravelingPacket – A blog of network musings
Browsing all 117 articles


Creating a Fortianalyzer to Fortigate IPSEC Secure connection

The Fortianalyzer is a great product. It can give very deep analysis of exactly what is going through the network and allow you to create/schedule reports to show this data. You also have very quick...


Creating a Fortigate Virtual IP – External to internal Port Forwarding

Hello, I noticed one thing: I have never created a blog entry on creating a Virtual IP to allow access from the internet into a local server. This entry is for a VIP and Policy creation on firmware...


Ruckus Self Service portal for Guest access

Ruckus brought in the Guest Self Service portal in firmware 9.10.0.0 build 218 – so if you are looking to configure it please install this update first (Check release notes for proper upgrade path)....


Configuring an IP address and enabling services such as SSH/HTTPS on Brocade...

When Brocade purchased Vyatta I was nervous, but they have done a really good job with it. They keep it updated, and now have added a lot of functionality and increased services with the 6400 version....


Passing VLAN tags through a Ubiquiti NanoStation M5

I was working with a wireless bridge the other day that I had never used. I needed to get VLAN tags to pass through this wireless bridge, but for some reason they were not. I thought.. this is a...


Cisco Duplicate IP address 0.0.0.0 ERROR – IP Device Tracking/NMSP

Recently I was seeing this error pop up on many Windows desktop clients: The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address...


Cisco Router IOS Policy-based NAT for VPN traffic

I thought I would blog on this. It could be useful for someone who might have an IOS router instead of an ASA and need to create an IPSEC Site-to-Site VPN to a remote peer, then NAT VPN traffic to a...


Fortigate Radius SSO with Ruckus 802.1x logins using NPS

This is an amazing method for getting users in their correct groups in Fortigates. This way we can apply different security profiles to individual groups, all through one 802.1x login. This example is...


Cisco Errdisable and recovery options

Errdisable is an extremely cool feature on Cisco switches that can place a port into a disabled state due to some reason/errors on the port. There are many reasons a port can be disabled: Duplex...


Enabling SSH on Dell Powerconnect 5000/6000/7000

No one is probably trying to even do this anymore due to the new Dell switching lines, but thought I would see if I could help. I had this issue the other day, and it took a good bit of googlefu before...


Fortigate FSSO and LDAP source IP

I was presented with a scenario the other day where we had two sites connected with a Site-to-Site VPN. The VPN was up and working great, but FSSO and LDAP would not connect to servers on the other...


Fortigate Login Banner

Login banners are a great way of explicitly asking users if they are authorized to log in, show your legal terms, or just leave a message for users when they log in such as ‘don’t forget to back up the...


Fortigate SSL VPN – Portal DNS

I have been working with Fortigate for a long time now, one thing that bugged the life out of me (and most clients I work with) is that Fortigate’s SSL VPN feature would not allow you to specify...


Fortigate Radius group authentication

The Fortigate firewall has a limitation of 10 LDAP servers that you can have on one FGT to do look ups. Normally this is not a problem in the least. Unless you have over 10 domains that you need to do...


Fortigate BGP aggregate address

I like to keep routing tables as clean as possible, and if your IP design and structure allows for very classful subnetting then there is no reason I see to advertise all of your individual subnets...


Fortigate 5.4 – Changing the interface theme

In 5.4 you now have the option to change the interface color. This is a great setting, because I am not a fan of the emerald green interface that’s default. This is a great option, and easy to change....


Blocking geographic regions in Fortigate 5.4

The best docs are always at docs.fortinet.com. Sometimes I get asked by clients how to block known attacking countries like Russia, or China from accessing their websites. I often hear that only US...


Fortigate – filtering inbound BGP routes from neighbors, including Default

The other night I had need to stop receiving a default route advertised from my BGP peer. I also thought it would be helpful for anyone that is needing to do this – and to help myself, since I forget...


Cisco ASA 8.4+ manual nat – the only way to nat!

Before learning more about Manual or “Twice Nat” I would use individual object NAT (Auto NAT) for my incoming services, and use Manual NAT for my No-NAT or if I had to NAT VPN traffic before...


Fortinet – Creating vlans for devices directly connected to device

The other day I had the need to plug a Ruckus Access point directly into the Fortigate firewall. The client only needed 1 AP, and connecting directly into one of the ports on the Fortigate was the best...
