Skip to Content

Solved: How do I fix SSL VPN with LDAP user authentication credential check passes in FortiGate but fails while logging in?

This article descricbes that credentials from FortiGate succeed but the same credential fails in actual SSL VPN log-in. The credentials for a test user with username ‘testvpn’ and password ‘azbyc’ (already configured at the LDAP’s AD) shows authentication succeeded when done from the FortiGate as follows: FW-1 # dia test authserver ldap MyLdap testvpn azbyc …

Read More about Solved: How do I fix SSL VPN with LDAP user authentication credential check passes in FortiGate but fails while logging in?

Solved: How do I backup logs in plaintext format avoid performing LZ4 decompression?

This article describes that backup logs in plaintext format avoid LZ4 decompression. By default, if the logs are backed up to the FTP server, logs will be encrypted. # execute backup disk alllogs ftp <IP_address> <username> <password> # execute backup disk log ftp <IP_address> <username> <password> <log_type> If it is necessary to upload the logs …

Read More about Solved: How do I backup logs in plaintext format avoid performing LZ4 decompression?

Solved: How do I renew expired SSL-VPN password on AD using FortiAuthenticator?

This article describes in detail how to renew password for users that is expired on AD using FortiGate and FortiAuthenticator. Scope FortiAuthenticator, FortiGate. Solution It is presumed that SSL-VPN authentication with FortiGate and FortiAuthenticator is working, for password renewal it is mandatory to use MSCHAPv2 on FortiGate and FortiAuthenticator. In order to renew the password, …

Read More about Solved: How do I renew expired SSL-VPN password on AD using FortiAuthenticator?

Solved: How do I enable traffic to pass through a specific destination without an SSL VPN split tunnel?

This document describes how to configure the SSL VPN with Split tunnel configuration in which the firewall address configured becomes a trusted destination that will not be tunneled through SSL VPN. All other destinations will be tunneled through SSL VPN. Scope FortiGate 7.0.6 or later in 7.0.x and FortiGate 7.2.1 or later in 7.2.x. Solution …

Read More about Solved: How do I enable traffic to pass through a specific destination without an SSL VPN split tunnel?

Solved: How do I fix high channel utilization reported on FortiAP managed by FortiGate?

This article describes how to identify and fix the cause of a high channel utilization being reported on FortiAP (Managed by FortiGate). Scope FortiGate, FortiAP-U, FortiAP-W2 Solution Identify the device causing interference and take the necessary action, such as removing the device from the RF environment. Follow the steps below to check the spectrum usage …

Read More about Solved: How do I fix high channel utilization reported on FortiAP managed by FortiGate?

Solved: How do I enable encrypted FSSO communication between FortiAuthenticator and FortiGate?

This article describes the steps to create FSSO connector and enable FSSO Encryption between FortiAuthenticator and FortiGate using certificates. Scope FortiAuthenticator and FortiGate Solution FortiAuthenticator uses TCP Port 8000 for FSSO communication with FortiGate. To check this, login to FortiAuthenticator > Fortinet SSO Methods > General. In FortiAuthenticator firmware 6.4.5 and 6.4.6, there is a …

Read More about Solved: How do I enable encrypted FSSO communication between FortiAuthenticator and FortiGate?

Solved: How do I configure FortiGate and FortiExtender Integration with VRRP and DNS Service

This article describes Virtual Router Redundancy Protocol (VRRP) service and DNS service between FortiGate and FortiExtender. After integration between FortiGate and FortiExtender, VRRP service enables Internet service continuance, either network service fails on FortiGate, which automatically triggers the network service on FortiExtender or network service fails on FortiExtender, which automatically triggers the network service on …

Read More about Solved: How do I configure FortiGate and FortiExtender Integration with VRRP and DNS Service

Fortinet gear APT abuse CVE-2022-40684

Updated on 2022-10-24: Fortinet gear APT abuse CYFIRMA researchers said they’d observed multiple APT groups exploiting CVE-2022-40684, a recently disclosed/patched authentication bypass in Fortinet devices. Read more: Fortinet Authentication Bypass Vulnerability Exploited by Threat Actors “The suspected threat actors are US17IRGCorp aka APT34, HAFNIUM, and its affiliates in the ongoing campaign’ درب عقب’ translating to …

Read More about Fortinet gear APT abuse CVE-2022-40684

Solved: How do I connect Fortigate with FortiSandbox on-premises?

The article describes how to link a FortiGate to an on-premises FortiSandbox and check the connectivity status on CLI. Solution Step 1: Select Security Fabric > Fabric Connectors > FortiSandbox. Step 2: Enter the FortiSandbox hardware IP address and test the connectivity. Make sure the FortiGate can reach the FortiSandbox hardware. Step 3: Once the …

Read More about Solved: How do I connect Fortigate with FortiSandbox on-premises?

Solved: How do I send files from FortiGate to FortiSandbox for inspection?

The article describes how to send files from FortiGate to FortiSandbox for inspection by applying the Antivirus profile in the policy. Solution Step 1: Go to Security Profiles > Antivirus and select Create new/Edit. Enable the following features: Inspected Protocols: HTTP. Select Send files to FortiSandbox for inspection: All Supported Files Enable FortiSandbox database. Step …

Read More about Solved: How do I send files from FortiGate to FortiSandbox for inspection?

Solved: How do I configure multiple links for FGSP peer redundancy?

This article describes how the FGSP is used to sync sessions between FGCP clusters or two standalone FortiGate. Multiple FGSP sync links can be configured to have physical link redundancy. Prior FortiGate 6.4.10, multiple links for FGSP peers could be added as separate entries under ‘config system cluster-sync’, however HA system treated them as multiple …

Read More about Solved: How do I configure multiple links for FGSP peer redundancy?
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.