Advanced Search
Search Results
461 total results found
Fetchmail
find
Solaris 8
git
Google Cloud Compute
Google OpenID
GPG
HP-UX
iperf
EX2200, EX4200, EX4300, EX4550
Rancid
SRX
v7.2.x
IOS-XE 03.16
Random
I really don't know how Palo Alto devices are organized.
Chrome
10.1.x
ASA 9.14
v7.4.x
Known Wanted
Examples of specific castings I'm looking for
List SSLVPN Users
(2018-06-11) Problem List connected SSLVPN users. Solution exec vpn sslvpn list
RTC Power Status Failed
(2018-12-03) Problem Firewall doesn't boot. When you hook a console up to it, it says: Error: RTC Power Status Failed, BIOS Defaults are Loaded. Press F1 Skip, F12 Enter Setup Solution Your on-board battery is dead, you must RMA. In our case, Support didn't e...
SSLVPN Logs Out After 8 Hours
(2018-01-26) Problem SSLVPN disconnects after 8 hours. Solution config vpn ssl settings set auth-timeout 28800 The default time setting is 28,800 (8 hours). The value can be set in the range 10 to 259,200 seconds (3 days). A value of 0 can be used to indicate...
System Time
(2018-12-03) Problem Show system time on a FortiGate. Solution # exec time current time is: 19:06:00 last ntp sync: never # exec system date current date is: 2011-12-31
VPN Flapping Leads To Bogus Routing
(2018-01-30) Problem Two computers, A and B, trying to connect across a site-to-site VPN to computers C and D. Computer A cannot see C but can see D. Computer B can see both computers. Doing a traceroute from A to C shows that the packet is going out the WAN p...
Wifi Clients Connect But Can't Get DHCP Lease
(2019-04-17) Problem Wifi clients connect but can't get DHCP lease from either the Fortigate or from a DHCP server on the sofware-switch-connected network. Affects WPA2-Personal and WPA2-Enterprise secured SSIDs at the same time. Solution Immediately: fw-foo #...
BGP Neighbors
(2020-06-18) BGP Neighbor status? # get router info bgp neighbors … # get router info bgp neighbors a.b.c.d … # get router info bgp neighbors a.b.c.d [advertised-routes|received-routes] ...
BGP Sessions
(2020-06-24) Problem Soft-bounce bgp sessions. This should cause peers to hold on to the routes we've agreed on while the sessions renegotiate. Solution # exec router clear bgp all soft # exec router clear bgp ip <ip> soft
VPN Ciphers, Encryption, DH Settings Recommendations
(2019-03-13) Problem What are the recommended settings for IPSEC VPNs? (Updated 25 April 2023) IKE: In general IKEv1 is still acceptable, unless you're dealing with a Cisco ASA which as of 2020 will only do SHA-1 in IKEv1 DH Group: ideal is DH-19 or DH-20 m...
Debug Commands
(2019-10-30) FortiCloud Debug Commands fgt300d-a (global) # di test app forticldd 1. dump fds setting 2. dump log controller status 3. dump log server status 4. dump msg controller status 5. dump msg server status 7. dump FDS default update server status 8. du...
FortiOS LLDP
(2019-01-22) Solution So apparently FortiGates can do LLDP, you just have to turn it on. config system global set lldp-transmission enable end [...] edit "internal14" set vdom "root" set type physical set lldp-transmission enable next "type ...
IPsec Not Passing Packets
(2019-09-12) Problem IPsec tunnel to another device (in this case, a Watchguard). Tunnel shows as being up on all phase2 definitions, but no packets pass. Diagnostics Some exchanges appear to work, for example the IKE/IPsec negotiations and DPD communications....
List DHCP Clients CLI
(2019-02-13) Problem Using the CLI, list current assigned DHCP leases. Solution For interface "internal": execute dhcp lease-list internal
Microsoft Office Whitelisting
(2020-03-13) Creating Whitelists For Microsoft Internet Services See: (https://docs.microsoft.com/en- us/office365/enterprise/office-365-ip-web- service)[https://web.archive.org/web/20231204031448/https://docs.microsoft.com/en- us/office365/enterprise/office-3...
Routing Table
(2019-05-28) Problem Routing table? Solution get router info routing-table all get router info bgp summary
SSH Pubkey Login
(2018-12-19) Problem Want SSH Pubkey authentication for my AD-backed administrative user. Specifically because having to have my AD password in plaintext in my home directory in order for rancid to work is stupid, security-wise. Solution conf global conf sys a...
SSL Security Settings
(2019-03-13) Problem Standard configuration for (more) secure crypto Solution config sys global set admin-https-ssl-versions tlsv1-2 set fds-statistics disable set strong-crypto enable end For each vDom with SSLVPN active in it: config vpn ssl setting ...
SSLVPN DNS Suffix
(2019-03-13) Problem SSLVPN users have to use FQDNs instead of short names when connecting to office resources. Solution For whatever reason, you have to do this through the CLI; you can't do it through the web interface. config vpn ssl settings set dns-suff...
System Version from CLI
(2019-01-10) What firmware am I running? # get system status Version: FortiGate-60D v5.6.2,build1486,170816 (GA) [...]
Traffic Shaping Policy
(2019-07-08) Problem Traffic shaping wtf? Solution In 5.6, traffic shaping was removed from IPv4 Policy and moved to its own policy page. In 5.6.3, Fortinet added the ability to apply schedules to Traffic Shaping Policies. However this functionality does not a...
