Posts Tagged “Fortinet”

Not sure if Fortinet makes it impossible to find the FortiClient SSL VPN application for Mac OS X on purpose or not, but it appears to be free for the simple client version, so I wanted to provide a location to download the client easily. On Windows you can bring up Internet Explorer and make an SSL VPN connection easily, but since IE is not available on OS X it is necessary to have the standalone FortiClient SSL VPN application. Be careful if you are going to download the Fortinet FortiClient elsewhere: if it is anything other than the simple SSL VPN client, it is really bloated.

Read the rest of this entry »


A company asked me to analyze some of their network traffic to verify that some of the cost-cutting projects they are working on won’t impact their business. One of the projects includes removing a 100 Mbps fiber connection to their colocation and replacing it with a cable modem that is asymmetric, with 50 Mbps download and 5 Mbps upload. Unfortunately, they do not have any solid historical network data capture software such as Cacti, so before setting up such a service I had to provide initial data via what was available. One of the tools I was able to use was the dashboard data that lives in memory on their FortiGate 200A. Below is information on where to find this data in the FortiGate 200A dashboard.

Read the rest of this entry »


It has been a while since I created a custom service to use in a firewall policy on a Fortinet firewall, and I was having trouble. I was thinking of the service as a NAT rule where you map the port one to one; for example, to allow SSH you would have the firewall NAT through port 22 for both incoming and outgoing. FortiOS is more granular than that and allows you to specify the source port of the client instead of the port that is hitting the firewall. The source port is the client's source port, so it could be anything from port 1024 to port 65535. Visit the Fortinet knowledge center for a step-by-step guide on how to create the custom service and assign it to a policy.


The question is often raised of how to provide a redundant network solution when connecting your leased cabinet or cage to your colocation’s network. This goal can be achieved in numerous ways, but most solutions are fairly expensive. Below I list an entry-level option to provide network redundancy when connecting to your colo. One of my preferred vendors is Fortinet because of cost and functionality. Most Fortinet devices will handle BGP, IPS, and provide seamless redundancy between devices. The solution below can be upgraded by purchasing more powerful devices as well as introducing a couple more devices into the solution.

Read the rest of this entry »


The ARP cache of the Fortinet 200A can be cleared by typing the command below into the console.

console# execute clear system arp table