Search Results

(2018-06-11) Problem List connected SSLVPN users. Solution exec vpn sslvpn list

(2018-12-03) Problem Firewall doesn't boot. When you hook a console up to it, it says: Error: RTC Power Status Failed, BIOS Defaults are Loaded. Press F1 Skip, F12 Enter Setup Solution Your on-board battery is dead, you must RMA. In our case, Support didn't e...

(2018-01-26) Problem SSLVPN disconnects after 8 hours. Solution config vpn ssl settings set auth-timeout 28800 The default time setting is 28,800 (8 hours). The value can be set in the range 10 to 259,200 seconds (3 days). A value of 0 can be used to indicate...

(2018-12-03) Problem Show system time on a FortiGate. Solution # exec time current time is: 19:06:00 last ntp sync: never # exec system date current date is: 2011-12-31

(2018-01-30) Problem Two computers, A and B, trying to connect across a site-to-site VPN to computers C and D. Computer A cannot see C but can see D. Computer B can see both computers. Doing a traceroute from A to C shows that the packet is going out the WAN p...

(2019-04-17) Problem Wifi clients connect but can't get DHCP lease from either the Fortigate or from a DHCP server on the sofware-switch-connected network. Affects WPA2-Personal and WPA2-Enterprise secured SSIDs at the same time. Solution Immediately: fw-foo #...

(2020-06-18) BGP Neighbor status? # get router info bgp neighbors … # get router info bgp neighbors a.b.c.d … # get router info bgp neighbors a.b.c.d [advertised-routes|received-routes] ...

(2020-06-24) Problem Soft-bounce bgp sessions. This should cause peers to hold on to the routes we've agreed on while the sessions renegotiate. Solution # exec router clear bgp all soft # exec router clear bgp ip <ip> soft

(2019-03-13) Problem What are the recommended settings for IPSEC VPNs? Updated 25 April 2023 IKE: In general IKEv1 is still acceptable, unless you're dealing with a Cisco ASA which as of 2020 will only do SHA-1 in IKEv1 DH Group: ideal is DH-19 or DH-20 min...

(2019-10-30) FortiCloud Debug Commands fgt300d-a (global) # di test app forticldd 1. dump fds setting 2. dump log controller status 3. dump log server status 4. dump msg controller status 5. dump msg server status 7. dump FDS default update server status 8. du...

(2019-01-22) Solution So apparently FortiGates can do LLDP, you just have to turn it on. config system global set lldp-transmission enable end [...] edit "internal14" set vdom "root" set type physical set lldp-transmission enable next "type ...

(2019-09-12) Problem IPsec tunnel to another device (in this case, a Watchguard). Tunnel shows as being up on all phase2 definitions, but no packets pass. Diagnostics Some exchanges appear to work, for example the IKE/IPsec negotiations and DPD communications....

(2019-02-13) Problem Using the CLI, list current assigned DHCP leases. Solution For interface "internal": execute dhcp lease-list internal

(2020-03-13) Creating Whitelists For Microsoft Internet Services See: (https://docs.microsoft.com/en- us/office365/enterprise/office-365-ip-web- service)[https://web.archive.org/web/20231204031448/https://docs.microsoft.com/en- us/office365/enterprise/office-3...

(2019-05-28) Problem Routing table? Solution get router info routing-table all get router info bgp summary

(2018-12-19) Problem Want SSH Pubkey authentication for my AD-backed administrative user. Specifically because having to have my AD password in plaintext in my home directory in order for rancid to work is stupid, security-wise. Solution conf global conf sys a...

(2019-03-13) Problem Standard configuration for (more) secure crypto Solution config sys global set admin-https-ssl-versions tlsv1-2 set fds-statistics disable set strong-crypto enable end For each vDom with SSLVPN active in it: config vpn ssl setting ...

(2019-03-13) Problem SSLVPN users have to use FQDNs instead of short names when connecting to office resources. Solution For whatever reason, you have to do this through the CLI; you can't do it through the web interface. config vpn ssl settings set dns-suff...

(2019-01-10) What firmware am I running? # get system status Version: FortiGate-60D v5.6.2,build1486,170816 (GA) [...]

(2019-07-08) Problem Traffic shaping wtf? Solution In 5.6, traffic shaping was removed from IPv4 Policy and moved to its own policy page. In 5.6.3, Fortinet added the ability to apply schedules to Traffic Shaping Policies. However this functionality does not a...