This post is to document the process to manage the secondary Fortigate firewall in a HA firewall cluster, as well as the process to shut down the Fortigate firewall using CLI. This process comes in handy if you are using the same interface for both data and management traffic for the HA pair. Manage the …
How to Manage the Fortigate Secondary/Passive Firewall and Shutdown the HA Pair Read More »
This post is to document the process to configure static IPsec VPN between Fortinet and Sophos Firewall. Environment 1x Fortinet Fortigate Firewall cluster running at active-passive mode 1x Sophos UTM Firewall Both sides have static public IP assigned Phase 1 and Phase 2 use the same encryption (AES256) and authentication (SHA256) algorithm, Group 14 or …
How to configure IPsec VPN between Fortinet and Sophos Firewall Read More »
When Internet Service Providers (ISP) have a new internet link provisioned, very often they have shaping rules on their NTU to regulate internet traffic at promised rate. If your firewall/router/switch is sending excessive traffic than promised rate, the packet will be dropped, then ends up with suboptimal performance and slow internet speed. This post is …
How to Configure Basic Bandwidth Shaping Policing on Cisco Fortigate for ISP Connection Read More »
Eve-NG is the most used network emulation software for network professionals. Similar to Webiou or Unetlab in the older days, you can create virtual network devices for the majority of the IT networking vendors in a simple web GUI. This post is to demonstrate how to simulate or configure the Internet in the EVE-NG lab …
When network professionals handle changes remotely, it is always good to have a safety net available. If you are familiar with Juniper Junos, you would love the “commit confirmed” command very much, as it will revert the config back to the previous config after 10 minutes automatically, in the event of you screwed up the …
This post is to document the process to remove the default Fortilink interface in the Fortinet Firewall configuration. This would be ideal if you are not using FortiSwitch and trying to keep the configuration clean. This process also applies if you are trying to remove other types of default config if the option is greyed …
Issue After initially setting up the Fortigate 100F HA cluster, we got this annoying “out-of-sync” error, dug into it, and found several issues related to the Fortinet firmware version and initial configuration differences. This post is to document the process of troubleshooting and some of the configurations for the Fortinet HA firewall cluster. Environment 2x …
During a Fortinet 100D to Fortinet 100F upgrade migration, the Fortinet Firewall Migration Tool cannot recover the Fortinet IPsec VPN Pre-shared key for you, we cannot find the IPsec VPN Pre-shared key from the previous document Troubleshooting Searching and testing around seem the only fix is to update the key on both ends, however, for …
How to Recover Fortigate IPsec VPN Pre-shared Key Read More »
