It is the 3rd firewall I tried at home on my laptop, which is required for my work. Cisco ASA works in GNS3 http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/ and Checkpoint Firewall works in VirtualBox too, which is a great advantage for me as it is free and really easy to use. And now the Fortigate can work in a test environment […]
June 30, 2012
Sometimes Fortigate devices have problems and do not want to boot anymore (my experience is 2 out of about 50 boxes). Sometimes we have to buy a new one, but in this case I would say we should not. The message "crc error" is a problem that we can solve on our own. Official link for RIM: […]
June 20, 2012
Actually this is a feature that I have never seen in Cisco ASA or in Checkpoint Firewall. After reading the original documentation for it I realised that it can do much more than I ever expected! :-) The post contains useful notes from the original doc and my summary for the FCNSP […]
June 19, 2012
In this post I will demonstrate for myself how to create a custom signature and how to modify an IPS sensor. 1. Custom signature configuration. The configuration of the IPS happens in the following order: 1. Define a signature; 2. Define your IPS sensor; 3. Add the IPS sensor to the firewall policy. Used Version: v4.0,build0521,120313 […]
June 19, 2012
On Fortigate we can use an LDAP server for user authentication. What I miss here are the 2 important things from what Cisco calls AAA: Authentication; Authorization –> missing; Accounting –> missing. – Fortigate supports LDAP, RADIUS and TACACS; with LDAP it can only authenticate users, authorization is only possible with TACACS. – With Fortigate we cannot define […]
June 19, 2012
Remote Access VPN with Fortigate client configuration. Used Version: v4.0,build0521,120313 (MR3 Patch 6) 1. Add a user. In this example a simple local user, but as we can see from the list of remote authentication servers, the Fortigate has a lot of possibilities. myfirewall (root) # sh user adgrp FSSO groups ban configure banned IP addresses […]
June 19, 2012
With the RPF function the firewall checks whether a packet came into the firewall on the correct interface and is not trying to spoof its source address. For example, in a DMZ network a packet coming in on the dmz interface of the firewall with a source IP from the internal network is spoofed. The firewall […]
June 18, 2012
It is pretty easy to configure multiple virtual firewalls on a Fortigate box, and unlike Cisco ASA they can do VPN as well! The virtual firewalls can work in transparent and routed mode independently of each other; this is not possible with Cisco. The missing feature, which Cisco already has, is the resource […]
June 18, 2012
Dead Gateway Detection is a feature like the backup or redundant ISP service. In case we have 2 ISP connections to the internet – a backup line with smaller bandwidth and another one used normally – we can use one as a backup internet connection. The topology: 1.1.1.0/24 | Firewall | 2.2.2.0/24 […]
June 6, 2012
Just a little zoom in on DHCP traffic, to see how it really works in the background. It is a memory post of an old story at Cisco TAC: I had a big problem with the DHCP client on a PIX firewall and in the end I managed to prove that this was […]
June 30, 2012