Questions tagged [fortigate]
Firewall appliance made by Fortinet; includes CAPWAP wireless controller and FortiOS software.
109 questions
0 votes, 0 answers, 12 views
FortiGate 40F send syslog to Python
I want to forward syslog from my FortiGate 40F firewall to a Python script. I need firstly to set up logging for all traffic on the firewall.
I have created a Python script that I have tested with my Asus ...
0 votes, 0 answers, 128 views
How to find HA interface mac address in Fortigate?
We have two Fortinet and HA them. In "primary" I can see the MAC address for all interfaces easily in Network -> Interfaces -> Edit Interface, but I can't find the MAC address for &...
0 votes, 1 answer, 108 views
Azure Ubuntu VM direct S2S VPN - without VPN Gateway. Is it possible?
I would like to connect on prem Fortigate FW with one azure Ubuntu VM - direct. Is it possible without Azure VPN Gateway?
Config works with other vendor but not in Azure. Is that kind of config blocked ...
0 votes, 0 answers, 107 views
Strongswan site to site with fortigate issue seems something about phase 2
Hello all, sorry to bother you guys, I already spent 3 days on it, still can not make it work. Could you take a look? Thank you in advance <3.
fortigate info:
Public ip: 41.223.XX.XX
Internal ...
0 votes, 0 answers, 35 views
Strongswan S2S VPN to Fortinet
I want to hide my local hosted server behind a public VPS. So I established a VPN between my local firewall (fortinet) and my vps (strongswan).
Diagram
The VPN is up but no traffic at all. Even in ...
0 votes, 0 answers, 263 views
Ubuntu - IPSec VPN with Dual Stack / Strongswan
I'm trying to set up an IPSec VPN (ike1) for our Linux clients. But we need dual stack with ipv4 and ipv6.
The endpoint is a Fortigate firewall. With two phase2, one for IPv4 and one for IPv6. The ...
0 votes, 0 answers, 264 views
issue with fortigate vpn using windows native vpn client: Overlay Controller VPN communication error (Members)
So yesterday we put into production a new vpn connection using a fortigate rugged 30d as the server and a windows server 2016 as the client using the windows native VPN client.
It was working for the ...
0 votes, 0 answers, 45 views
Radius authorized WiFi clients cannot access network
I am using Fortigate + FortiAP and a Radius (WS 2019 NPS) for authorization.
I can access the WiFi, I receive IP from dhcp (which is in the network), however I cannot go anywhere else.
I cannot even ...
0 votes, 0 answers, 278 views
Cannot authorize WiFi user on FortiGate via LDAP
I am using Fortigate + FortiAP for WiFi. The WiFi is working, I can connect to it via for example WEP password. However, I want to authorize all my LDAP (Windows Standard 2019 AD) users via WPA ...
0 votes, 1 answer, 81 views
FortiGate Next Gen Firewall AWS security groups
I'm new to AWS using a FortiGate in front as the gateway. Would you need to utilize the security groups, or could I make one to permit all traffic and attach it since the fortigate handles everything.
-1 votes, 1 answer, 363 views
remove fortigate account from fortinet router
I have a FortiGate 60E that was registered on a computing company. Now this company has been closed and more than 3 years have already passed. I'm trying to unregister the FortiGate; it asks for the password of ...
0 votes, 1 answer, 1k views
Cannot delete fortigate gre tunnel
I have created a GRE tunnel on Fortigate 1100E. Now I want to remove this tunnel, but I receive this error:
Current vf=root:0.
A tunnel interface cannot be deleted directly.
Command_cli_delete:6677 ...
0 votes, 1 answer, 688 views
VPN Site-to-Site pfSense to fortigate : authentication failed
I can't make my VPN connection between a Fortigate 7 and a pfSense work.
Problem seems to be on fortigate side with logs :
ike 0:IPSec StS:276: sent IKE msg (AUTH): 10.10.1.1:4500-><IP1>:...
0 votes, 0 answers, 554 views
Internal Virtual Server
I've been reading about virtual servers with fortinet:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/713497/virtual-server
But it seems that only works redirecting a public IP to ...
1 vote, 0 answers, 30 views
How to align a backup IP block to same Virtual IP definitions as active block?
We recently added a backup ISP for our rack. Simply put, in the event that our primary connection goes down we would like to be able to switch to our backup connection. Right now we have primary ...
0 votes, 0 answers, 5k views
Fortigate VPN for some users: "Unable to logon to the server. Username or password may not be properly configured for this connection. (-12)"
We are using a Fortigate 60F, to which we usually connect to VPN using the Forticlient app. Everything used to work fine, but for the last two or three days, we have two users that cannot connect and ...
0 votes, 1 answer, 2k views
Port forwarding on a FortiGate firewall sitting behind an ISP router
I have a FortiGate firewall (30E) which is sitting behind a router (provided by ISP).
The router has allocated local IP to the firewall and from this firewall subnet is created on which the server is ...
0 votes, 0 answers, 2k views
Unable to authenticate with IPsec tunnel on FortiGate via Windows native client
I have setup an IPsec tunnel on our FortiGate 51E (FortiOS v6.2.10 build1263 (GA)) and I am able to connect via my Windows native client, however when I am asked for a username and password, I am ...
1 vote, 1 answer, 590 views
2 Remote Sites, 2 Different Subnets, with interconnectivity. How to create a single subnet for servers at both locations?
Current Environment:
We currently have 2 remote sites, both with their own LAN subnet and servers hosted at each site. Currently each site is using 1 subnet for the clients and servers. Both sites are ...
0 votes, 1 answer, 913 views
Unable to access webserver on internal network either via domain or ip address
I am currently trying to set up a FortiGate 40F firewall. But somehow I am unable to get access to the server from the same network going via the external IP or domain.
I got a VLAN set as 10.0.4.x ...
-1 votes, 1 answer, 2k views
Cannot connect a Fortigate VPN behind a static NAT to a GCP VPN gateway
Here's the need:
Connect a Fortigate device behind a static 1:1 NAT to the Internet to a Google Cloud Platform (GCP) VPN gateway.
Simplified ASCII Diagram:
LOCAL_LAN ---- Fortigate ----- Fiber modem --...
-2 votes, 1 answer, 49 views
Going to implement new Infrastructure in HQ Office with 1 firewall, 1 L3 Switch, 5 L2 Switch, 2 Managed WIFI AP and 1 Server [closed]
I'm going to implement a network in the HQ office which will also link with branch offices. What IP address class is recommended in this scenario? Need some assistance to kick off on this. I have 1 unit Fortigate ...
2 votes, 0 answers, 882 views
Fortigate and RADIUS Wifi authentication for domain and non-domain devices
We're setting up RADIUS authentication for wireless network connections through a Windows Server 2012 R2 (NPS).
We have to allow both domain computers (registered in Active directory) and non-domain ...
1 vote, 0 answers, 485 views
routing ppp <-> wireguard interfaces
I want to connect via wireguard to a droplet that will be running openfortivpn for connecting to a 192.168.11.0/24 network. I have confirmed that only traffic to 192.168.11.* goes through fortivpn and ...
0 votes, 1 answer, 127 views
Compare url link and url text in email body and reject as SPAM
Email body:
... <a href="url">text</a> ...
Is it possible check if text is url in email body, then compare url and text and reject as SPAM if they differ?
1 vote, 1 answer, 7k views
Azure Site-to-Site VPN and Fortigate IPSec Phase 2 error on SA re-establishment - "peer SA proposal not match local policy"
I am documenting this for posterity. After a period of IPSEC tunnel being successfully up and working between Azure VPN Gateway and Fortigate 200 E firewall running FortiOS v6.4.4 build1803 (GA), the ...
-1 votes, 1 answer, 460 views
Email Two-Factor Authentication on FortiGate
I'm currently implementing Multi-Factor Authentication on FortiGate, using mailer system and refer to this document link.
There is no options to change the subject or content of email, because ...
1 vote, 1 answer, 1k views
Process to migrate DNS and DHCP from on-premise, Windows domain controller
Our organization has an on-premise, Windows, domain controller that we'd like to eliminate in favor of a local DHCP/DNS server on either our Unify switch (first choice) or FortiGate VPN appliance (second ...
0 votes, 0 answers, 105 views
automatically retrieve some fields from log file
My fortigate firewall sends log messages to my syslog server (CentOS 7). The syslog server stores them to *.log file with rsyslog. Like this:
Sep 24 00:00:00 192.168.20.20 date=2020-09-24 time=01:00:00 ...
0 votes, 0 answers, 392 views
QuickBooks - Windows Server 2016 Network Files Randomly Disappear when Browsed by QuickBooks Client
Background
We have 18 QuickBooks company files in a multi-user environment running on a new installation of Windows Server 2016. The QuickBooks Database Server Manager is installed. All of these ...
-1 votes, 1 answer, 450 views
FortiGate 100E IPSec disconnect
I think this problem is well known that the FortiGate does not reconnect IPSec tunnels sometimes.
Is there a way to keep the tunnel open. Do I have to buy a newer product or update to a newer OS?
0 votes, 1 answer, 49 views
Working from home - VPN Routing
We have a FortiGate VPN, on which we once configured that all vpn clients (who work from home) have all their traffic go through the VPN.
However, now we want only the traffic that goes into the ...
0 votes, 2 answers, 2k views
How to detect which app/process makes a specific DNS request?
We have one computer in our network that constantly sends DNS requests to 8.8.8.8. I see this in Fortigate forward traffic log and the user of that computer has to solve reCAPTCHA a few times an hour ...
2 votes, 1 answer, 503 views
Azure VPN Gateway (S2S) disabling Replay Detection
I'm running an Azure VPN Gateway (VpnGw1, gen1, Route-based) and trying to connect a S2S connection to a Fortigate gateway. The connection is losing connectivity every so hours and I'm wondering if I ...
1 vote, 2 answers, 725 views
CentOS Hyper V Guest VM Not accessible from the Internet
I have a CentOS VM sitting on HyperV host with two interfaces, One interface connected to the domain Network via a switch (192.168.1.8 /24) GW 192.168.1.254.
Another interface is connected directly to ...
0 votes, 1 answer, 74 views
Use Both ISP Public IPs Even IF one is Down In FortiGate FireWall
I have two IP's Airtel & Sify connected to My Fortigate Firewall.
Sify---------->Port1--->163.100.X.X/27
Airtel-------->Port2--->13.26.X.X/27
I have two questions:
Can I use all ...
1 vote, 0 answers, 38 views
Can I use different log files for FortiGate rules?
Fortigate firewalls use different log files per type and device. Here is the log file name format:
<logtype> - <logdevice> - <date> T <time> . <id>.log
For example: ...
9 votes, 4 answers, 734 views
What caused a huge amount network traffic via SSH?
I have a virtual server running Ubuntu 18.04 from a well known hosting company. This morning our Fortigate Firewall logs show that my Win10 computer transferred 3.5TB to and 6.5TB from my virtual ...
0 votes, 1 answer, 2k views
Fortigate to Azure - working VPN suddenly stops working
I have a FortiGate 60E that I successfully used to create a VPN to an Azure virtual network (see here). It had the 6.0.4 firmware.
Recently, I updated the Fortigate firmware to 6.2.0 and the VPN came ...
0 votes, 1 answer, 3k views
Fortigate to Azure VPN -- connected but can't reach anything
I have set up an IPSec VPN between a Fortigate and Azure, according to the following instructions:
https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-56/
The VPN connected the first time, but I ...
3 votes, 2 answers, 4k views
Is it possible to have name-resolution from Fortigate and local DNS server?
Can you advise on moving to a hybrid DNS?
Currently, all our LAN machines receive their IP address from our Fortigate 60D (each machine is either allocated an IP address from the Fortigate DHCP, or ...
0 votes, 0 answers, 219 views
Linux: Update DNS with client IP address after connecting via VPN
In this related question, the asker has a problem where clients connecting in over the VPN are not updating the DNS records with their SSLVPN Adapter IP address.
The solution is Windows turns out to ...
0 votes, 0 answers, 207 views
Can Nginx (webserver) be replaced with fortigate WAF?
We are going to replace nginx nodes with fortigate waf. Would WAF have all the feature sets which nginx has:
Rewrite rules
IPv6
SSL
Load balancing on the bases of subdomain/context
compression and ...
1 vote, 0 answers, 561 views
FortiGate SSL Offloading & Intrusion Protection System
We're using a FortiGate 620B (v5.2.9) for offloading SSL traffic to our website. Now we would like to activate the Intrusion Protection System (the IPS).
However in order for the IPS to work, SSL ...
0 votes, 1 answer, 1k views
Freeradius radclient unsupported attribute
I want to send disconnect-message to NAS using radclient program but when I want to disconnect one user using this command
echo user-name=zaib | radclient -x 192.168.3.1 disconnect "muh"
the ...
0 votes, 2 answers, 4k views
Fortigate 60D slow internet speed without DMZ
I am not getting the full internet speed through LAN ports. Only around 130Mb instead of 230Mb. Only way to get 230Mb is plug into the DMZ port. All settings are default. All LAN ports are 1000Mbit ...
1 vote, 1 answer, 199 views
Ip Configuration in Fortigate 60d
I have a fortigate 60d which I bought around 3-4 years ago. Today I tried to install over of fiber internet. I connected my forti with 192.168.3.1 then I clicked wizard and entered new values and new ip ...
0 votes, 2 answers, 5k views
Block Sweet32 attacks on a Fortigate?
I have a Fortigate product running FortiOS 5.4.x and I can't mitigate the Sweet32 vulnerability.
I've already enabled the high security algorithms and disabled the SSL3 / TLS1.0 for Beast & ...
3 votes, 0 answers, 2k views
Set outgoing interface on Fortigate explicit proxy
I am testing the explicit proxy on a Fortigate 200D firmware 5.4
WAN1 and WAN2 are both members of the wan load balancer interface.
I need to set the proxy to use WAN1 but it is defaulting to ...
1 vote, 1 answer, 815 views
Possible to dump sflow data to pcap format?
I want to get the packet capture from fortinet/fortigate device, to capture all traffic from it on one of its interfaces. For this I have enabled sflow and sent it to another ntopng server. but on ntopng ,...