Posts

Showing posts from November, 2022

Advanced NAT

For this post I'm gathering together the resources I read in regards to NAT on Fortinet devices. I will update it further as I continue my studies.

Network Address Translation (NAT) devices convert one set of IP addresses to another set of IP addresses. This is most commonly used to convert private IP addresses (as specified in RFC 1918) to public IP addresses that can be used on the internet, and vice versa. NAT was originally outlined in RFC 1631; however, the current RFC for NAT is RFC 3022 (linked below).

The most common use of NAT can be found in home networks, where multiple private IP addresses are translated to a single public address. This process is called Port Address Translation because different port numbers identify translations. These translations are most commonly completed dynamically but can also be statically set where required.

NAT has several forms:

Static NAT - This is when a private IP address is manually mapped to a public IP address. This is commonly used to expos

How to find your wifi passwords in PowerShell

Recently, while working on migrating SSIDs from one manufacturer's kit to another, I found it necessary to check the PSK stored on Windows. The following PowerShell script is what I have been using to give me a concise list of the SSIDs and PSKs stored within Windows (tested on Windows 10 and Windows 11).

1. Search for PowerShell in the Start menu, right-click on the entry and select Run as administrator.
2. Enter the following commands and hit Enter:

    (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -Wrap

And that's it! It will output a nice list of the known Wi-Fi networks and their passwords.

Journey to the NSE8 - Change in tactic

I've previously been studying the Secure Wireless LAN content in order to pass the final exam required for my NSE6 (on the way to the NSE8). Going over the material again at the moment, I'm noticing that my study sessions are becoming a bit of a blur and I'm not absorbing the content as well as I should be, and I can see this track of study becoming like quicksand if I don't give myself a break from it. The NSE6 fortunately covers a lot of technologies, including FortiAuthenticator and FortiADC, which are both heavily featured on the NSE8 blueprint. So from here I'm going to review the training for the FortiADC and have a crack at that exam to finish off my NSE6

FortiAP - Features for high-density deployments

In wireless networks it is the client that decides which AP and band it connects to, and there are no standardized ways that an AP / controller can force a client to connect to a different AP. To get around these challenges FortiAPs can be configured to deploy the following:

Enabling frequency band load-balancing

In a high-density environment it is important to make the best use of the two WiFi bands, 2.4 GHz and 5 GHz. The 5 GHz band has more non-overlapping channels and receives less interference from non-WiFi devices, but not all devices support it. Clients that are capable of 5 GHz operation should be encouraged to use 5 GHz rather than the 2.4 GHz band.

To load-balance the WiFi bands, you enable Frequency Handoff in the FortiAP profile. In the FortiGate GUI, go to WiFi & Switch Controller > FortiAP Profiles and edit the relevant profile. Or, you can use the CLI:

Additional Study Resources and my Game Plan

Following on from my previous post, I also have some other resources I can use for the NSE8.

CBTNuggets

CBTNuggets have recently started releasing some courses authored by Keith Barker which are pretty decent. Keith has an engaging manner and brings his vast experience from other vendors to the training, which helps make the courses excellent at giving you skills for real-world deployments and not just for exam prep. I wouldn't recommend using the CBTNuggets course on its own to pass any exams, as they miss information that is in the training.fortinet.com courses, and the parts missed always seem to end up in the exams. However, when combined with the Fortinet training they really work well to uplift your real-world skillset.

Another benefit of CBTNuggets courses is that you can stream them at 2 x speed, so as a general rule based off my previous experience I know I can get through the lecture content plus do associated labbing in the roughly total stated video time.

The total time

Studying for the NSE8

Today I'm going to do a short and messy post to record / share some of the prep I've been doing for the NSE8. Looking at the NSE8 handbook, the recommended courses from training.fortinet.com for prep study are as follows:

• NSE 4: FortiGate Security, FortiGate Infrastructure
• NSE 5: FortiAnalyzer, FortiManager, FortiSIEM
• NSE 6: FortiWeb, FortiMail, Secure Wireless, FortiADC, FortiSandbox, FortiAuthenticator
• NSE 7: Secure Access, Enterprise Firewall, Advanced Threat Protection, Cloud Security

When you break these courses down by lecture time and lab time, you get the following minimum effort estimate for the NSE8

In addition to the above courses provided by Fortinet, they also recommend the following study materials when studying for the NSE8:

Recommended Study Materials

This section lists the recommended study materials to help certification candidates prepare for the NSE 8 certification exams.

• Administration guides and handbooks:
     ▪ FortiGate, FortiManager, FortiAnaly