Fortigate to Unifi VPN
This was shockingly easy. I removed all the phase 1 encryption methods that weren’t being used and any DH group that didn’t match the Unifi. The Phase 2 proposal was
Mostly for me to remember what to do. Plug laptop into Lan1, surf to https://192.168.1.99, login with admin and NO PASSWORD, should be prompted to change the password. Login again and
Why; Fortinet charges $36 CA to convert a configuration from one model to another. Seems like a money grab and should be included in any upgrade. Fortinet will send you
Continue reading: Fortinet Converter Service, what documentation?
Disabling SIP ALG: see here https://voipdocs.io/en/articles/316-disabling-sip-alg-on-a-fortigate-firewall
When setting up a new Remote Access VPN I recommend to always change to a custom tunnel and set a Peer ID. Name can be anything, doesn’t matter. I typically
Found out today: if you delete a port forward, even if it’s not in use, Fortigate clears the session table so the remaining port forwards STOP WORKING until a port
Fortigate has added Automations to allow custom alerting. Security Fabric, Automation, Create New. Other great alerts: Another DHCP server sent DHCP offer (Rogue DHCP server); Authentication Lockout (If you have Local
An attack has been demonstrated on Firewalls that have an H323 VoIP helper to trick it into connecting to any TCP port and not just the ports used by VoIP.
Continue reading: NAT Slipstreaming Attack on Firewalls and NAT routers
If you are troubleshooting a Fortinet VPN here are a few tips. Network, Packet capture will allow you to capture data on a VPN tunnel interface. This can be used
I administer some Fortigate firewalls. After upgrading to v6.2.x we have been getting an error about Memory Conserve Mode and the Firewall stops passing traffic! The work-around is a scheduled