Change auth-ports on Fortigate

When using a transparent vdom and an identity-based policy to authenticate users on non-standard ports (i.e. when users are using the explicit proxy on port 8080), it is necessary to change the ports the Fortigate expects http

Verify LDAP bind username used for FSSO

A common source of failure for an LDAP lookup when using a regular bind is an incorrect user CN. On the DC, verify by running the following command: dsquery user -name "username"

Guest NTLM access (CLI only)

Guest profile access may be granted to users failing NTLM authentication, such as visitors who have no user credentials on the network. To allow guest users in NTLM, use the following CLI command: If there are multiple domains, a trust relation

CLI commands to enable encryption between FortiGate and FortiAnalyzer

Use the following commands to enable encryption between the FortiGate unit and the FortiAnalyzer unit:

On the FortiGate unit:

    config log fortianalyzer setting
        set encrypt enable
        set psksecret <presharedkey_str>
        set localid <devname_str>
    end

On the FortiAnalyzer unit:

    config log device
        edit

WAN Opt & Web Cache CLI only on certain Fortigates

WAN Opt and Web Cache have gone CLI-only for certain Fortigate models (see below) since Version 4 MR3 Patch 4. The removal from the Web GUI is apparently for performance reasons.

Realtime upload of logs to FortiAnalyzer

By default, on Fortigate units with hard drives, logs are only uploaded once a day. Units without a hard drive upload in real time by default. If you would like a hard-drive-equipped Fortigate to upload logs in real time use

FortiOS Version 4 MR3 Patch 6 supported 3G modems

Fortinet has published a list of the supported 3G modems for Version 4 MR3 Patch 6 and it can be found here

Check Fortigate interface for errors

You can use the following command to check a Fortigate interface for any possible errors that may affect traffic performance:

    # diagnose hardware deviceinfo nic <port_name>

Fortinet's Irish support number

Fortinet have set up an Irish support number, which means calls to France are no longer required. While the calls are routed to the same location, the costs go down. The number for Fortinet is 1800 309 150.

Determine FortiAP when not connected to Fortigate

When faced with the need to determine what version of firmware a FortiAP is running without connecting it to a Fortigate, connect to the FortiAP via the console and run the following command: "fap-get-status"