Posts

Useful FortiGate CLI troubleshooting commands

The following commands can be useful when troubleshooting issues on a FortiGate firewall from the CLI:

1. execute tac report
This command runs the majority of the key troubleshooting commands. It doesn't take long to complete and it does not impact the functionality of the FortiGate firewall. This command outputs a lot of text, so it is best to start recording your SSH session before running it so that the output is easy to review afterwards.

2. get system status
This command displays the versions of the FortiGate's firmware and FortiGuard engines. It also displays other useful system information such as platform and license status.

3. get system performance status
This command displays CPU and memory states, average network usage, average sessions and session startup rate, viruses caught, IPS attacks blocked and uptime. In Multi-VDOM mode this command needs to be run in global configuration mode (config global, instead of config vdom).

4. diagnose sys top
This command lists

FortiGate Firewall Policy Logging Settings

A FortiGate firewall has 3 settings that can affect logging behavior on a policy. The three settings are:

- The Log allowed traffic toggle
- The "Security Events" or "All Sessions" selection
- The available security profiles

The following table outlines the expected logging behavior when these different settings are combined:

For example, enabling logging and selecting security events, while not enabling any security profiles, will result in no logs. You may as well have logging turned off.

FortiGate Features that work after subscriptions expire

License-less FortiGate Protections

One of the things that I like about FortiGate firewalls is the fact that the majority of features are available without a license. As a general rule, Fortinet will want you to pay a subscription for any feature that has ongoing costs for them to run, such as:

- FortiGuard Updates (including Web Filtering, AV, IPS/IDS and WAF)
- Firmware Updates

To provide a more comprehensive list, the following features continue to work after your FortiGate subscriptions expire (the only exception is the virtual FortiGate firewalls, which require a base license for this functionality):

When you are running a FortiGate without licenses (as a lot of lab units end up doing), there are ways to get dynamic updates. These are through the use of External Threat Feeds. An external threat feed is a way for a FortiGate to pull a list of URLs, IPs, domains, or malware hashes from a web site, generally as a text file. As with most things on the internet, there are paid feeds