
Question: Which election criterion is used to elect the primary FortiGate in a high availability (HA) cluster when override is enabled?
A. uptime > priority > port monitor > serial number
B. port monitor > uptime > priority > serial number
C. priority > port monitor > uptime > serial number
D. port monitor > priority > uptime …

Read More about NSE4-5.4 Q&A: Which election criterion used to elect primary FortiGate in HA cluster when override is enabled?
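The question above turns on the order in which FGCP evaluates its election criteria, and on how the override setting reorders them. The following is an added example, not code from the page or from Fortinet: a small Python model of the election using the criterion order Fortinet documents for FortiGate HA (override disabled: monitored ports, then age, then priority, then serial number; override enabled: monitored ports, then priority, then age, then serial number), with the default 300-second ha-uptime-diff-margin. The cluster members, serial numbers and uptimes are constructed for the example.

```python
"""Added example, not from the page or Fortinet: a model of FGCP primary election.

The criterion order is the one Fortinet documents for FortiGate HA:
  override disabled : monitored ports > age (uptime) > priority > serial number
  override enabled  : monitored ports > priority > age (uptime) > serial number
Age only decides when the uptime difference exceeds ha-uptime-diff-margin
(300 s by default). All cluster members below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

UPTIME_DIFF_MARGIN = 300  # seconds, FortiOS default for ha-uptime-diff-margin


@dataclass(frozen=True)
class Member:
    serial: str
    priority: int      # set priority 0-255; higher wins
    uptime: int        # HA uptime in seconds; older wins (subject to the margin)
    monitored_up: int  # number of monitored interfaces currently up; more wins


def _by_monitor(a: Member, b: Member) -> Optional[Member]:
    if a.monitored_up != b.monitored_up:
        return a if a.monitored_up > b.monitored_up else b
    return None


def _by_age(a: Member, b: Member) -> Optional[Member]:
    # Uptimes within the margin count as equal, so a reboot of a few
    # minutes does not by itself hand primary to the other unit.
    if abs(a.uptime - b.uptime) > UPTIME_DIFF_MARGIN:
        return a if a.uptime > b.uptime else b
    return None


def _by_priority(a: Member, b: Member) -> Optional[Member]:
    if a.priority != b.priority:
        return a if a.priority > b.priority else b
    return None


def _by_serial(a: Member, b: Member) -> Member:
    # Last resort and always decisive: the higher serial number wins.
    return a if a.serial > b.serial else b


def compare(a: Member, b: Member, override: bool) -> Member:
    """Return the member that beats the other under the given override setting."""
    if override:
        order = (_by_monitor, _by_priority, _by_age)
    else:
        order = (_by_monitor, _by_age, _by_priority)
    for criterion in order:
        winner = criterion(a, b)
        if winner is not None:
            return winner
    return _by_serial(a, b)


def elect_primary(members: Iterable[Member], override: bool) -> Member:
    """Run the pairwise election across the cluster and return the primary."""
    it = iter(members)
    primary = next(it)
    for m in it:
        primary = compare(primary, m, override)
    return primary


# Constructed members: FGT_A is the unit the operator wants as primary (priority 200)
# but it has just rebooted; FGT_B has been up for a day.
FGT_A = Member(serial="FGVM00TM00000001", priority=200, uptime=600, monitored_up=2)
FGT_B = Member(serial="FGVM00TM00000002", priority=128, uptime=86400, monitored_up=2)


def demo() -> dict:
    """Show why override matters: it lets configured priority beat uptime."""
    return {
        "override_disabled": elect_primary([FGT_A, FGT_B], override=False).serial,
        "override_enabled": elect_primary([FGT_A, FGT_B], override=True).serial,
        # A monitored port down on FGT_A trumps both priority and age.
        "port_down_on_a": elect_primary(
            [Member(FGT_A.serial, FGT_A.priority, FGT_A.uptime, 1), FGT_B],
            override=True).serial,
    }


if __name__ == "__main__":
    print(demo())
```

With override disabled the long-running FGT_B stays primary even though FGT_A carries the higher configured priority; with override enabled the priority is evaluated before age, so FGT_A takes primary as soon as it returns, which is also why enabling override causes a second failover after a repaired preferred unit rejoins. A monitored interface being down outranks both settings in either mode.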

Question: What is a valid reason for using session-based authentication instead of IP-based authentication in a FortiGate web proxy solution?
A. Users are required to manually enter their credentials each time they connect to a different web site.
B. Proxy users are authenticated via FSSO.
C. There are multiple users sharing the same …

Read More about NSE4-5.4 Q&A: What is valid reason for using session based authentication in FortiGate web proxy solution?

Problem Description: This article describes how to synchronize and verify an IPsec tunnel with FGSP.
Scope: FortiOS 7.0, 7.2.
Solution: Scenario: there are two FortiGates, 'FGT-1' acting as the primary and 'FGT-2' acting as the backup, plus a remote VPN gateway.

            REMOTE VPN GATEWAY
              10.100.100.3
                   |
                   |
    10.100.100.1   |   10.100.100.2
        FGT-1 -------------- FGT-2
    192.168.1.1          192.168.1.2 …

Read More about Solved: How do I sync IPSec VPNs with FGSP?

Updated on 2022-12-15: Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns Citrix and Fortinet, two of today’s largest providers of enterprise networking equipment, have released security updates to patch two zero-day vulnerabilities that were exploited in the wild against their devices. The Fortinet zero-day (CVE-2022-42475) is an unauthenticated RCE that impacts the …

Read More about Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns

Scope: FortiOS 6.2.x, 6.4.x, 7.0.x, 7.2.x
Solution: The following is example output for a session list captured in FortiOS:

# diagnose sys session list
session info: proto=6 proto_state=01 duration=600125 expire=3585 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty npu f00
statistic(bytes/packets/allow_err): org=1406688/22871/1 reply=1406629/22870/1 tuples=2
tx speed(Bps/kbps): …

Read More about Solved: How do I interpret the NPU Offload field in FortiOS session lists?
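The session entry above is one record of `diagnose sys session list`, and the offload question comes down to the flags on its `state=` line, where `npu` marks a session handed to the network processor. As an added example that is not part of the page or of Fortinet's tooling, here is a Python parser for that text format that splits the output into sessions, collects the key=value fields and the free-form state flags, and reports which sessions carry `npu`. The first sample session is the one quoted on the page; the second (a UDP session with `state=local`, no `npu`) is constructed for the example.

```python
"""Added example, not Fortinet's code: parse `diagnose sys session list` output and
flag which sessions carry the `npu` state flag, i.e. are marked for NP offload.
The first session below is the one quoted on the page; the second is constructed."""
import re
from typing import Dict, List, Tuple

SAMPLE_OUTPUT = """\
session info: proto=6 proto_state=01 duration=600125 expire=3585 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty npu f00
statistic(bytes/packets/allow_err): org=1406688/22871/1 reply=1406629/22870/1 tuples=2
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=local may_dirty
statistic(bytes/packets/allow_err): org=120/2/1 reply=0/0/0 tuples=2
"""

# A token containing any of these ends the run of bare state flags.
_STOP_CHARS = ("=", "(", ":")


def parse_sessions(text: str) -> List[Dict]:
    """Split session-list text into one dict per 'session info:' record."""
    sessions: List[Dict] = []
    for block in re.split(r"(?m)^session info:", text)[1:]:
        tokens = block.split()
        rec: Dict = {"state_flags": []}
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            if tok.startswith("state="):
                # state= is followed by space-separated flags (log, may_dirty, npu, ...)
                first = tok[len("state="):]
                flags = [first] if first else []
                i += 1
                while i < len(tokens) and not any(c in tokens[i] for c in _STOP_CHARS):
                    flags.append(tokens[i])
                    i += 1
                rec["state_flags"] = flags
                continue
            if "=" in tok:
                key, value = tok.split("=", 1)
                rec[key] = value  # empty values (origin-shaper=) are kept as ""
            i += 1
        rec["npu_offloaded"] = "npu" in rec["state_flags"]
        sessions.append(rec)
    return sessions


def counters(rec: Dict, direction: str) -> Tuple[int, int, int]:
    """Return (bytes, packets, allow_err) for 'org' or 'reply'."""
    b, p, e = rec[direction].split("/")
    return int(b), int(p), int(e)


def offload_summary(sessions: List[Dict]) -> Tuple[int, int]:
    """Return (sessions marked npu, total sessions)."""
    return sum(1 for s in sessions if s["npu_offloaded"]), len(sessions)


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_OUTPUT)
    for s in parsed:
        print(f"proto={s['proto']} flags={s['state_flags']} npu={s['npu_offloaded']}")
    print("offloaded/total:", offload_summary(parsed))
```

The parser keys only on the `npu` flag in the `state=` line; it does not read the later per-direction `npu info` lines, which the teaser above does not show, so treat its result as "marked for offload" rather than proof that both directions are being forwarded by the NP.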

Updated on 2022-10-24: Fortinet gear APT abuse CYFIRMA researchers said they’d observed multiple APT groups exploiting CVE-2022-40684, a recently disclosed and patched authentication bypass in Fortinet devices. Read more: Fortinet Authentication Bypass Vulnerability Exploited by Threat Actors “The suspected threat actors are US17IRGCorp aka APT34, HAFNIUM, and its affiliates in the ongoing campaign ‘درب عقب’ translating to …

Read More about Fortinet gear APT abuse CVE-2022-40684

This article describes how to copy the original DSCP marking when the return traffic arrives untagged at the FortiGate.
Solution: Currently there are two main ways to mark traffic with DSCP.
Step 1: Directly via the firewall policy:

# config firewall policy
    edit <X>
        set diffserv-forward enable
        set diffservcode-forward <binary_integer>
        set diffserv-reverse enable …

Read More about Solved: Differentiated Services Code Point (DSCP) replicate feature

This article describes the reason for high memory utilization by the node process.
Solution: In FortiOS 6.4, the node process is limited to generating the security rating report and maintaining the CLI console widget when the FortiGate is accessed via HTTP/HTTPS. From FortiOS 7.0 onwards, the node process handles all incoming HTTP/HTTPS requests, including REST API …

Read More about Solved: How do I fix high memory usage of node process?

This article gives an overview of how the ‘Block intra-SSID traffic’ option in the SSID configuration works on a bridge-mode SSID, since its behaviour differs slightly between tunnel mode and bridge mode.
Solution: Tunnel mode: enabling Block intra-SSID traffic restricts communication between two wireless clients connected to the same SSID on FortiAPs. In tunnel mode, the traffic will …

Read More about Solved: How ‘Block intra-SSID traffic’ option on ssid configuration works on bridge mode ssid on FortiGate/FortiAP?

MAC Authentication Bypass (MAB) is supported to admit devices that cannot do 802.1X onto the network, using their MAC address as the authentication credential.
Solution: Enable MAB on FortiGate. Apply the commands below on the interface:

# config sys interface
    edit "<>"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping radius-acct
        set security-mode captive-portal
        set security-mac-auth-bypass …

Read More about Solved: How do I enable mac address bypass on FortiGate interfaces?