Fortigate

Fortinet Pros+DNS allow lists, eg. use FreeMyIp.com to allow single IPs to access RdWeb+Fortinet client VPN (if already installed for users)+Built-in web filtering Fortinet Cons-Price Unifi Pros+cheap+no yearly renewal $+good…

IPsec error ‘ignoring unsupported informational message 0’ turned out to be a miss-matched PSK, i should have suspected this first as it was read out to me over the phone…

This was shockingly easy I removed all the phase 1 encryption methods that weren’t being used and any DH group that didn’t match the Unifi The Phase 2 proposal was…

Mostly for me to remember what to do Plug laptop into Lan1, surf to https://192.168.1.99 login with admin and NO PASSWORD, should be prompted to change the passwordLogin again and…

Why; Fortinet charges $36 CA to convert a configuration from one model to another. Seems like a money grab and should be included in any upgrade. Fortinet will send you…

Disabling SIP ALG see here https://voipdocs.io/en/articles/316-disabling-sip-alg-on-a-fortigate-firewall

When setting up a new Remote Access VPN I recommend to always change to a custom tunnel and set a Peer ID. name can be anything, doesn’t matter. i Typically…

Found out today If you delete a port forward, even if it’s not in use, Fortgate clears the session table so the remaining port forwards STOP WORKING until a port…

Fortigate has added Automations to allow custom alerting Security Fabric, Automation, Create New Another great alerts: Another DHCP server sent DHCP offer (Rogue DHCP server)Authentication Lockout (If you have Local…

An attack has been demonstrated on Firewalls that have an H323 VoIP helper to trick it into connecting to any TCP port and not just the ports used by VoIP….