Next Gen Firewall

How to Fix Forti Manager Fortigate out-of-sync – “the category is already set in another filter”

This post is about fixing the Forti Manager and Fortigate firewall out-of-sync error – “the category is already set in another filter”. Troubleshooting: * Upgrade the Fortigate firewall version to match up the version with Forti Manager, but it does not help. * Check the installation log and the error is as below: Fix After …


How to Configure Azure Hub and Spoke Topology Part 3 – Forced Tunnel

This post is the last part of Configuring Azure Hub and Spoke – Configure Forced Tunnel so all traffic (particularly internet traffic) can be routed via the IPsec tunnel. Overall Topology. Environment: * On-prem environment has a pair of Fortinet Fortigate firewalls with a public IP of 4.4.4.4. * Hub and Spoke are on different subscriptions. Note: …


How to Configure VRRP between Fortinet and Cisco

This post is about configuring VRRP between Fortinet Fortigate and Cisco. Environment: Fortigate firewall and Cisco router’s interfaces are configured using sub-interfaces; the physical interface will also work here. 100 is the VRRP Group ID. FortiGate Firewall has a higher priority, 255, so it will be the master. Cisco Configuration. Fortinet FortiGate Firewall Configuration. As …


How to Mitigate Fortinet Vulnerability: Authentication Bypass on Administrative Interface

Issue Summary. FortiGuard ID: FG-IR-22-377. CVE ID: CVE-2022-40684. Severity: Critical / CVSS: 9.6. Specific versions of Fortinet FortiOS (FortiGate Firewall) and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Affected Products: FortiOS version 7.0.0 to 7.0.6; FortiOS version 7.2.0 through 7.2.1; FortiProxy: From 7.0.0 to …


How to Configure IPsec VPN between Azure and Fortigate Firewall

This post is about the configuration of IPsec VPN between Azure and Fortinet Fortigate firewall, as part 2 of the post “How to Configure Azure Hub and Spoke Topology”. Overall Topology. Environment: * On-prem environment has a pair of Fortinet Fortigate firewalls with a public IP of 4.4.4.4. * Virtual Network Gateway (with local gateway and connection …


How to Configure Dial-up IPsec VPN from Fortinet FortiGate to Juniper SRX

This post is to document the process of configuring dynamic IPsec VPN from Juniper SRX to FortiGate Firewall, then configure OSPF over IPsec tunnel interfaces with a bit of OSPF route filtering. Environment: 1 x Fortinet FortiGate Firewall with dynamic WAN IP address; 1 x Juniper SRX firewall with static WAN IP address. Requirement is …


How to Configure IPsec VPN between Cisco FTD/FMC and Fortinet Firewall

This post is about configuring IPsec VPN between Cisco FTD/FMC Firepower and Fortinet FortiGate firewall. Environment: Cisco FTD firewall on routed mode and managed by FMC; Fortinet FortiGate Firewall. Note: Feel free to modify the Phase1 and Phase2 settings based on your security requirements. Fortinet FortiGate Firewall Configuration: Go to “VPN – IPsec Tunnels – …


How to Configure FileZilla FTP Server with FortiGate Firewall

This post demonstrates the process of configuring FileZilla FTP Server with Fortigate Firewall. FileZilla Server configuration: connection configuration, auto-ban configuration, passive mode port range, FTP user configuration. Fortinet FortiGate Firewall configuration: in the virtual IP configuration, we have a dedicated public IP, hence 1 to 1 Static NAT is used. Firewall Policy configuration. Common Error …


How to Configure Port Forwarding Destination NAT on Fortinet Firewall

This post is to demonstrate the quick steps to configure port forwarding / Destination NAT on the Fortinet Fortigate firewall. Environment: Fortinet Fortigate firewall. ISP has provided a /29 range of public IP addresses. The requirement is to open port 443 from specific public IP addresses, not the whole internet. Configure Virtual IP or …
