Solved: How do I sync IPSec VPNs with FGSP?

Problem Description: This article describes how to synchronize and verify an IPSec tunnel with FGSP.

Scope: FortiGate v7.0, FortiOS 7.2.

Solution

Scenario: In this scenario, there are 2 FortiGates: ‘FGT-1’ acting as the primary. ‘FGT-2’ acting as a backup and a remote VPN gateway.

           REMOTE VPN GATEWAY
              10.100.100.3
                   |
                   |
                   |
                   |
    10.100.100.1   |   10.100.100.2
        FGT-1 ------------- FGT-2
    192.168.1.1           192.168.1.2
    …

Read More about Solved: How do I sync IPSec VPNs with FGSP?

Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns

Updated on 2022-12-15: Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns. Citrix and Fortinet, two of today’s largest providers of enterprise networking equipment, have released security updates to patch two zero-day vulnerabilities that were exploited in the wild against their devices. The Fortinet zero-day (CVE-2022-42475) is an unauthenticated RCE that impacts the …

Read More about Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns

Solved: How do I interpret the NPU Offload field in FortiOS session lists?

Scope: FortiOS 6.2.x, 6.4.x, 7.0.x, 7.2.x

Solution: The following is an example output for a session list captured in FortiOS:

    # diagnose sys session list
    session info: proto=6 proto_state=01 duration=600125 expire=3585 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
    origin-shaper=
    reply-shaper=
    per_ip_shaper=
    class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
    state=log may_dirty npu f00
    statistic(bytes/packets/allow_err): org=1406688/22871/1 reply=1406629/22870/1 tuples=2
    tx speed(Bps/kbps): …

Read More about Solved: How do I interpret the NPU Offload field in FortiOS session lists?

Fortinet gear APT abuse CVE-2022-40684

Updated on 2022-10-24: Fortinet gear APT abuse. CYFIRMA researchers said they’d observed multiple APT groups exploiting CVE-2022-40684, a recently disclosed/patched authentication bypass in Fortinet devices. Read more: Fortinet Authentication Bypass Vulnerability Exploited by Threat Actors. “The suspected threat actors are US17IRGCorp aka APT34, HAFNIUM, and its affiliates in the ongoing campaign ‘درب عقب’ translating to …

Read More about Fortinet gear APT abuse CVE-2022-40684

Solved: Differentiated Services Code Point (DSCP) replicate feature

This article describes how to copy the original DSCP marking when return traffic arrives as untagged on the FortiGate.

Solution: Currently, there are two main ways to mark traffic with DSCP:

Step 1: Directly via the firewall policy:

    # config firewall policy
        edit <X>
            set diffserv-forward enable
            set diffservcode-forward <binary_integer>
            set diffserv-reverse enable
            …

Read More about Solved: Differentiated Services Code Point (DSCP) replicate feature

Solved: How do I fix high memory usage of node process?

This article describes the reason for high memory utilization by the node process.

Solution: In FortiOS 6.4, node process functionality is limited to generating the security rating report and maintaining the CLI console widget when accessing the FortiGate via HTTP/HTTPS. In FortiOS 7.0 onwards, the node process is responsible for processing all incoming HTTP/HTTPS requests, including REST API …

Read More about Solved: How do I fix high memory usage of node process?

Solved: How ‘Block intra-SSID traffic’ option on ssid configuration works on bridge mode ssid on FortiGate/FortiAP?

This article gives an overview of how the ‘Block intra-SSID traffic’ option in the SSID configuration works on a bridge mode SSID, as there is a slight variation between tunneled and bridged modes.

Solution

Tunneled mode: Enabling Block intra-SSID traffic will restrict communication between 2 wireless clients connected to the same SSID on FortiAPs. In tunneled mode, the traffic will …

Read More about Solved: How ‘Block intra-SSID traffic’ option on ssid configuration works on bridge mode ssid on FortiGate/FortiAP?

Solved: How do I enable mac address bypass on FortiGate interfaces?

MAC Authentication Bypass (MAB) is supported to accept non-802.1X compliant devices onto the network using their MAC address as authentication.

Solution: Enable MAB on FortiGate

Apply the command below to enable MAB on FortiGate:

    # config sys interface
        edit "<>"
            set vdom "root"
            set ip 192.168.1.1 255.255.255.0
            set allowaccess ping radius-acct
            set security-mode captive-portal
            set security-mac-auth-bypass …

Read More about Solved: How do I enable mac address bypass on FortiGate interfaces?

Solved: How do I troubleshoot External Connector-Threat Feeds support format

This article describes how to troubleshoot External Connector-Threat Feeds support format.

Solution: When the threat feeds are imported from a remote HTTP server, there is no entry on FortiGate. The data is visible by HTTP access. Open the threat feed file in Notepad++, then browse to the Encoding option; the current format will be visible. The …

Read More about Solved: How do I troubleshoot External Connector-Threat Feeds support format