ARP Replies
If a FortiGate firewall interface IP address overlaps with one or more IP pool address ranges, the interface responds to ARP requests for all of the IP addresses in the overlapping IP...
IP pools and zones
Because IP pools are associated with individual interfaces, IP pools cannot be set up for a zone. IP pools are connected to individual interfaces. Fixed Port Some network...
Moving to a new house!
Hey guys! Just wanted to let you all know that I am moving to a new house starting tomorrow so I will be slow to respond to questions and comments for the next few days so it is nothing personal! Have...
Services and TCP ports
There are a number of different services and protocols in use on the Internet. The most commonly known is HTTP, which is used by web servers to transmit requests and responses for...
Protocol Types
One of the fundamental aspects of a service is the type of protocol that is used to define it. When a service is defined, one of the following categories of protocol needs to be...
VPN Policies
At one point, if you wanted to have secure digital communications between 2 points, a private network would be created. This network would only allow the people that were intended to get...
Interface Policies
Interface policies are implemented before the “security” policies and are only flow based. They are configured in the CLI. This feature allows you to attach a set of IPS policies...
DoS Protection
Denial of Service (DoS) policies are primarily used to apply DoS anomaly checks to network traffic based on the FortiGate interface it is entering as well as the source and destination...
One-Arm IDS
Interface-based policy only defines what and how IPS functions are applied to the packets transmitted by the interface. It works no matter if the port is used in a forwarding path or used...
IPv6 IPS
IPv6 IPS signature scan can be enabled by interface policy. The user can create a normal IPS sensor and assign it to the IPv6 interface policy. config firewall interface-policy6 edit 1 set...
FortiOS 5.4.7 Release Notes
Introduction
This document provides the following information for FortiOS 5.4.7 build 1167: Special Notices, Upgrade Information, Product Integration and Support, Resolved Issues, Known Issues, ...
FortiOS 5.6.3 Release Notes
Change Log
Date | Change Description
2017-12-05 | Initial release.
2017-12-07 | Added 443203 to Resolved Issues. Added 463211 to Known Issues. Moved 452384 from Known Issues to Resolved Issues. Deleted...
Traffic Destined to the FortiGate unit
IPS enabled in firewall policies can only inspect traffic passing through the FortiGate unit, not traffic destined to the FortiGate unit. Enabling IPS in...
Dropped, Flooded, Broadcast, Multicast and L2 packets
In many evaluation or certification tests, the FortiGate firewall is often required to log any packets dropped by the firewall. In most cases, these...
GUI and CLI
In FortiGate, there are two places where IPS can be enabled: in a firewall policy and in an interface policy. In the firewall policy implementation, an IPS sensor can be configured in both...
Local-In Policies
On the FortiGate unit, there are a number of protocols and traffic that is specific to the internal workings of FortiOS. For many of these traffic sources, you can identify a specific...
Security Policy 0
Any security policy that is automatically added by the FortiGate unit has a policy ID number of zero (0). The most common reasons the FortiGate unit creates this policy are: The IPsec...
Deny Policies
Deny security policies deny traffic that is coming into the network. The FortiGate unit automatically blocks traffic that is associated with a deny security policy. Deny security policies...
Accept Policies
Accept security policies accept traffic that is coming into the network. These policies allow traffic through the FortiGate unit, where the packets are scanned, translated if NAT is...
Fixed Port
Some network configurations do not operate correctly if a NAT policy translates the source port of packets used by the connection. NAT translates source ports to keep track of connections...