Introduction Configuring a Zscaler GRE (Generic Routing Encapsulation) tunnel on Juniper SRX, along with SLA/failover capabilities, involves several steps. The process may vary slightly based on the specific Juniper SRX model and Junos OS version you are using. Below is a general configuration that you can follow. Make sure to adapt the instructions to your …
How to configure Zscaler GRE tunnel on Juniper SRX with SLA Read More »
Migrating firewall configurations can be a complex task, but with the right tools, it becomes a much more manageable process. The Firewall Migration Tool from GitHub is a versatile solution that can bring efficiency and reliability to migrate firewall configurations such as addresses, groups, policies, and customized services etc. Big thanks to Vahid Tavajjohi!!! https://fwmig.readthedocs.io/en/latest/ …
How to Migrate Firewall Configuration across Vendors Read More »
Migrating from an old Palo Alto firewall to a new one involves a few more considerations, especially if the models or PAN-OS versions differ. Here’s a comprehensive approach: 1. Preliminary Steps: 2. Backup and Export Configuration: 3. Prepare the New Firewall: 4. Import Configuration to the New Firewall: 5. Post-Import Checks: 6. Additional Recommendations: Lastly, …
How to Upgrade Old Palo Alto Firewall to New Model Read More »
Disabling Zero Touch Provisioning (ZTP) and setting up a basic configuration on a Palo Alto Networks firewall requires administrative access to the device, either through the command-line interface (CLI) or the web-based interface (WebUI). Disable ZTP using GUI 1.Connect to the firewall’s management IP address using a web browser.2.Login using the default credentials (username: admin, …
How to Disable ZTP in Palo Alto and Setup the Basic Configuration Read More »
This post is about fixing Starlink static route issue in FortiGate Firewall Issue The issue comes when configuring Starlink in FortiGate Firewall; no matter how we configure the administrative distance and priority for the StarLink state route, one default configuration overrides the manual static route. Environment StarLink as secondary internet link, it should only kicks …
How to Fix Starlink Static Route issue in FortiGate Firewall Read More »
This post is about fixing the Forti Manager and Fortigate firewall out-of-sync error – “the category is already set in another filter” Troubleshooting * Upgrade the Fortigate firewall version to match up the version with Forti Manager, but it does not help * Check the installation log and the error is as below: Fix After …
This Post is the last part of Configuring Azure Hub and Spoke – Configure Forced Tunnel so all traffic (paritcularly internet traffic) can be routed via the IPsec tunnel. Overall Topology Environment *On-prem Environment has a pair of Fortinet Fortigate firewalls with a public IP of 4.4.4.4 *Hub and Spoke are on different subscriptions. Note: …
How to Configure Azure Hub and Spoke Topology Part 3 – Forced Tunnel Read More »
This post is about configuring VRRP between Fortinet Fortigate and Cisco Environment Fortigate firewall and Cisco router’s interfaces are configured using sub-interface, the physical interface will also work here. 100 is the VRRP Group ID FortiGate Firewall has a higher priority 255, so it will be the master Cisco Configuration Fortinet FortiGate Firewall Configuration As …
How to Configure VRRP between Fortinet and Cisco Read More »
Environment Forti AP U431F – WiFi 6/AX enabled access points FortiGate Firewall is used as Wireless Controller FortiGate Firewall and Forti AP are on different VLAN/Networks. DHCP Option 138 is configured on Windows Server 2022 to point to the FortiGate (Wireless Controller) address Error You can see the Image ID is “MERU SECONDARY“ Solution You …
Issue Summary FortiGuard ID: FG-IR-22-377CVE ID: CVE-2022-40684Severity: Critical / CVSS: 9.6 Specific versions of Fortinet FortiOS (FortiGate Firewall) and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Affected Products FortiOS version 7.0.0 to 7.0.6 FortiOS version 7.2.0 through 7.2.1 FortiProxy: From 7.0.0 to …
