Показаны сообщения с ярлыком FortiOS. Показать все сообщения
Показаны сообщения с ярлыком FortiOS. Показать все сообщения
вторник, 9 апреля 2019 г.
вторник, 27 ноября 2018 г.
Authentication Based Routing
Authentication Based Routing
https://kb.fortinet.com/kb/documentLink.do?externalID=13610
суббота, 23 июня 2018 г.
Fortigate IP-in-IP over IPSec Tunnel
http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD40290&languageId=
четверг, 7 июня 2018 г.
Technical Note: IPSec and default route
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36184
суббота, 17 марта 2018 г.
понедельник, 12 марта 2018 г.
понедельник, 19 февраля 2018 г.
FortiOS VPN - GRE over IPSec
http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD40312&languageId=
пятница, 2 февраля 2018 г.
перезапуск процессов на Fortigate
FGT80C # diagnose test application
smtp SMTP proxy.
ftpd FTP proxy.
pop3 POP3 proxy.
imap IMAP proxy.
nntp NNTP proxy.
scanunit Scanning unit.
harelay HA relay daemon.
hasync HA sync daemon.
hatalk HA talk daemon.
sessionsync session sync daemon.
forticldd FortiCloud daemon.
miglogd Miglog logging daemon.
urlfilter URL filter daemon.
ovrd Override daemon.
ipsmonitor ips monitor
ipsengine ips sensor
ipldbd IP load balancing daemon.
ddnscd DDNS client daemon.
snmpd SNMP daemon.
dnsproxy DNS proxy.
sflowd sFlow daemon.
init init process.
l2tpcd L2TP client daemon.
dhcprelay DHCP relay daemon.
pptpcd PPTP client.
wccpd WCCP daemon.
wad WAD related processes.
radiusd RADIUS daemon.
wpad WPA daemon.
fsd FortiExplorer daemon.
ipsufd IPS urlfilter daemon.
lted USB LTE daemon.
forticron Forticron daemon.
uploadd Upload daemon.
quarantined Quarantine daemon.
dhcp6c DHCP6 client daemon.
info-sslvpnd SSL-VPN info daemon.
dsd DLP Statistics daemon.
lnkmtd Link monitor daemon.
dhcp6r DHCP6 relay daemon.
netxd VMWare NetX service manager daemon.
fnbamd Fortigate non-blocking auth daemon.
mrd Mobile router daemon.
zebos_launcher ZEBOS Launcher daemon
radius-das Radius-das daemon.
csfd Security Fabric daemon.
fsvrd FortiService daemon.
radvd radvd daemon.
fcnacd FortiClient NAC daemon.
sdncd SDN Connector daemon.
smtp SMTP proxy.
ftpd FTP proxy.
pop3 POP3 proxy.
imap IMAP proxy.
nntp NNTP proxy.
scanunit Scanning unit.
harelay HA relay daemon.
hasync HA sync daemon.
hatalk HA talk daemon.
sessionsync session sync daemon.
forticldd FortiCloud daemon.
miglogd Miglog logging daemon.
urlfilter URL filter daemon.
ovrd Override daemon.
ipsmonitor ips monitor
ipsengine ips sensor
ipldbd IP load balancing daemon.
ddnscd DDNS client daemon.
snmpd SNMP daemon.
dnsproxy DNS proxy.
sflowd sFlow daemon.
init init process.
l2tpcd L2TP client daemon.
dhcprelay DHCP relay daemon.
pptpcd PPTP client.
wccpd WCCP daemon.
wad WAD related processes.
radiusd RADIUS daemon.
wpad WPA daemon.
fsd FortiExplorer daemon.
ipsufd IPS urlfilter daemon.
lted USB LTE daemon.
forticron Forticron daemon.
uploadd Upload daemon.
quarantined Quarantine daemon.
dhcp6c DHCP6 client daemon.
info-sslvpnd SSL-VPN info daemon.
dsd DLP Statistics daemon.
lnkmtd Link monitor daemon.
dhcp6r DHCP6 relay daemon.
netxd VMWare NetX service manager daemon.
fnbamd Fortigate non-blocking auth daemon.
mrd Mobile router daemon.
zebos_launcher ZEBOS Launcher daemon
radius-das Radius-das daemon.
csfd Security Fabric daemon.
fsvrd FortiService daemon.
radvd radvd daemon.
fcnacd FortiClient NAC daemon.
sdncd SDN Connector daemon.
FGT80C # diagnose test application ipsmonitor
IPS Engine Test Usage:
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
10: IPS queue length
11: Clear IPS queue length
12: IPS L7 socket statistics
13: IPS session list
14: IPS NTurbo statistics
15: IPSA statistics
16: Display device identification cache
17: Clear device identification cache
18: Display session info cache
19: Clear session info cache
21: Reload FSA malicious URL database
22: Reload whitelist URL database
24: Display Flow AV statistics
25: Reset Flow AV statistics
96: Toggle IPS engines watchdog timer
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor
понедельник, 29 января 2018 г.
First steps to troubleshoot connectivity problems to or through a FortiGate with sniffer, debug flow, session list, routing table
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30038&sliceId=2&docTypeID=DT_KCARTICLE_1_1&dialogID=25408103&stateId=1%200%2025406686
понедельник, 15 января 2018 г.
Fortinet Auto Discovery VPN (ADVPN)
http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD39360
http://cookbook.fortinet.com/configuring-advpn-in-fortios-5-4-dynamic-hub-and-spoke-vpns/#comment-3708628335
http://cookbook.fortinet.com/configuring-advpn-fortios-5-4-redundant-hubs-expert/
http://cookbook.fortinet.com/configuring-advpn-in-fortios-5-4-dynamic-hub-and-spoke-vpns/#comment-3708628335
http://cookbook.fortinet.com/configuring-advpn-fortios-5-4-redundant-hubs-expert/
How to mix ADVPN-aware and non-ADVPN-aware spokes within the same ADVPN Hub-and-Spoke architecture
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD40359
вторник, 9 января 2018 г.
Fortigate & Conserve mode
FGT80C # diagnose hardware sysinfo conserve |
memory conserve mode: off |
total RAM: 499 MB |
memory used: 430 MB 86% of total RAM |
memory used threshold extreme: 473 MB 95% of total RAM |
memory used threshold red: 438 MB 88% of total RAM |
memory used threshold green: 409 MB 82% of total RAM |
четверг, 21 декабря 2017 г.
FortiOS Dual WAN Scenarion - static & PBR, and WAN LB
Technical Note: Dual WAN scenario (static and policy routes) and wan-load-balance
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36462
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36462
пятница, 15 декабря 2017 г.
Тюнинг потребления ресурсов в FortiOS
Несмотря на то, что в статье описана древняя версия FortiOS 4.0, все сказанное актуально и для более старших версий FortiOS, особенно под большой нагрузкой и большом количестве включенных опций:
http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD33078&languageId=
http://kb.fortinet.com/kb/documentLink.do?externalID=FD33103
Вывод - при ограниченных ресурсах нужно включать фичи с умом, чтобы система не стала сама себя защищать при помощи Kernel Conserve Mode
http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD33078&languageId=
http://kb.fortinet.com/kb/documentLink.do?externalID=FD33103
Вывод - при ограниченных ресурсах нужно включать фичи с умом, чтобы система не стала сама себя защищать при помощи Kernel Conserve Mode
суббота, 9 декабря 2017 г.
Fortigate 80C - get hardware status
FGT80C # get hardware status |
Model name: FortiGate-80C |
ASIC version: CP6 |
ASIC SRAM: 64M |
CPU: Celeron (Covington) |
Number of CPUs: 1 |
RAM: 499 MB |
Compact Flash: 493 MB /dev/sda |
Hard disk: not available |
USB Flash: not available |
Network Card chipset: mvl_sw Ethernet driver1.0 (rev. |
среда, 6 декабря 2017 г.
FortiOS versions, builds and dates
Version 5
MR2
Build 0688, P4 (07/22/2015)
Build 0670, P3 (05/18/2015)
Build 0642, P2 (11/18/2014)
Build 0618, P1 (09/15/2014)
Build 0589, GA (06/14/2014)
GA
Build 0318, P12 (05/15/2015)
Build 0311, P11 (01/23/2015)
Build 0305, P10 (12/16/2015)
Build 0292, P9 (08/01/2014)
Build 0291, P8 (07/29/2014)
Build 3608, P7 (04/10/2014) See note 1 at the bottom
Build 0271, P6 (01/25/2014)
Build 0252, P5 (11/01/2013)
Build 0228, P4 (08/08/2013)
Build 0208, P3 (06/03/2013)
Build 0198, P3, Beta 1 (05/22/2013) pulled by Fortinet
Build 0179, P2 (03/2013)
Build 0147, P1 (12/2012)
Build 0128, First release (11/2012)
Version 4
MR 3 End of Support Date for Version 4.0 MR3 = March 19, 2014 (unless device does not support FortiOS version 5.0)
Build 0689, P18 (08/06/2014)
Build 0688, P17 (07/14/2014)
Build 0686, P16 (07/03/2014)
Build 0672, P15 (09/05/2013)
Build 0665, P14 (05/17/2013)
Build 0664, P13 (04/30/2013) pulled by Fortinet
Build 0656, P12 (02/27/2013)
Build 0646, P11 (11/2012)
Build 0639, P10 (09/2012)
Build 0637, P9 (08/22/2012)
Build 0632, P8 (07/05/2012)
Build 0535, P7 (05/2012)
Build 0521, P6 (03/2012)
Build 0513, P5 (02/2012)
Build 0511, P4 (01/2012)
Build 0496, P3 (11/2011)
Build 0482, P2 (09/2011)
Build 0458, P1 (06/2011)
Build 0441, First release (03/18/2011)
MR 2 (End of Support Date for Version 4.0 MR2 = April 1, 2013)
Build 0356, P15 (02/21/2013)
Build 0353, P14 (01/09/2013)
Build 0349, P13 (09/04/2012)
Build 0346, P12 (06/06/2012)
Build 0342, P11 (02/27/2012)
Build 3118, P10 (01/17/2012) with MS hotfix
Build 0338, P10 (12/06/2011)
Build 0334, P9 (10/2011)
Build 0328, P8 (07/2011)
Build 0324, P7 (05/2011)
Build 0320, P6 (04/2011)
Build 0315, P5 (04/2011)
Build 0313, P4 (03/2011)
Build 0303, P3 (12/14/2010)
Build 0291, P2 (08/2010)
Build 0279, P1 (05/2010)
Build 0272, First release
MR 1 (End of Support Date for Version 4.0 MR1 = August 24, 2012)
Build 0217, P10 (06/16/2011)
Build 0213, P9 (01/28/2011) pulled by Fortinet
Build 0209, P8 (09/29/2010) pulled by Fortinet
Build 0207, P7 pulled by Fortinet
Build 0205, P6 pulled by Fortinet
Build 0204, P5 pulled by Fortinet
Build 0196, P4 pulled by Fortinet
Build 0194, P3 pulled by Fortinet
Build 0192, P2 pulled by Fortinet
Build 0185, P1 pulled by Fortinet
Build 0178, First release
GA (End of Support Date for Version 4.0 = February 24, 2012)
Build 0113, P4 (12/02/2009)
Build 0106, P3 (06/16/2009)
Build 0099, P2 (04/07/2009)
Build 009x, P1 (2009) pulled by Fortinet
Build 0092, First release (02/20/2009)
Version 3
MR 7 (End of Support Date for Version 3.0 MR7 = July 18, 2011)
Build 0754, P10 (10/27/2010)
Build 0753, P9 (02/17/2010)
Build 0752, P8 (12/23/2009)
Build 0750, P7 (10/09/2009)
Build 0744, P6 (06/30/2009)
Build 0741, P5 (04/08/2009)
Build 0740, P4
Build 0737, P3 (03/03/2009)
Build 0733, P2 (11/21/2008)
Build 0730, P1 (09/19/2008)
Build 0726, First release (07/16/2008)
MR 6 (End of Support Date for Version 3.0 MR6 = February 4, 2011)
Build 0678, P6
Build 0677, P5
Build 0673, P4 (10/27/2008)
Build 0670, P3 (07/29/2008)
Build 0668, P2 (05/14/2008)
Build 0662, P1 (03/17/2008)
Build 0660, First release (02/01/2008)
MR 5 (End of Support Date for Version 3.0 MR5 = July 3, 2010)
Build 0576, P7
Build 0575, P6
Build 0574, P5 (02/20/2008)
Build 0572, P4 (11/26/2007)
Build 0568, P3 (10/18/2007)
Build 5101, P2 (09/05/2007) Memory Optimized for smaller models
Build 0565, P2 (09/05/2007)
Build 0564, P1 (08/17/2007)
Build 0559, First release
Build 0552, CR3
Build 0547, CR2
MR 4 (End of Support Date for Version 3.0 MR4 = December 29, 2009)
Build 0483, P5 (07/03/2007)
Build 0480, P4 (03/30/2007)
Build 0479, P3
Build 0477, P2
Build 0475, P1
Build 0474, First release
Build 0468, CR2
MR 3 (End of Support Date for Version 3.0 MR3 = October 2, 2009)
Build 0418, P14
Build 0416, P12
Build 8552, P11 (09/01/2007) Memory Optimized for smaller models
Build 0416, P11 (09/01/2007)
Build 8509, P10 (07/05/2007) Memory Optimized for smaller models
Build 0415, P10 (07/05/2007)
Build 8468, P9 (05/04/2007) Memory Optimized for smaller models
Build 0413, P9 (05/04/2007)
Build 0411, P8 (03/30/2007)
Build 0410, P7 (03/08/2007)
Build 0406, P6 (01/26/2007)
Build 0405, P5 (01/05/2007)
Build 0404, P4
Build 0403, P3 (11/06/2006)
Build 0402, P2
Build 0401, P1
Build 0400, First release (10/02/2006)
Build 0394, CR2
Build 0388, CR1
MR 2 (The versions below are beyond end of support dates)
Build 0319
Build 0318 (06/30/2006)
Version 2.8
MR 12
Build 520, P1
Build 519
MR 11
Build 490
NOTES
Note 1: These are all patches for the Heartbleed SSL bug, based on build 0271 (P6)- Build 4429 for FGT100D, FGT140D, FGT140D_POE
- Build 4439 for FGT 280D_POE
- Build 3483 for FGT 3600C
понедельник, 27 ноября 2017 г.
Как включить белый список HTTPS ресурсов, обновляемый Fortiguard для исключения SSL Inspection в Fortigate
config firewall ssl-ssh-profile
edit deep-inspection
set whitelist enable
end
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/SSL_SSH_Inspection/Secure%20whitelist%20database.htm
Подписаться на:
Сообщения (Atom)