Hello,
Whenever i have the change i read the following Magazine that i highly recommend.
Here is the download link: Insecure Magazine
Hope you enjoy it!
Fortigate Tips and Tricks
January 27th, 2012 
admin Fortigate Tips and Tricks
This article presents some useful commands/tricks that you can do to your Fortigate.
Debug Addresses:
Many times it happens that we have a lot of firewall policies for one address defined in our address Pool.
Let’s take an example:
We have “WWW_Server” defined with the IP of 172.18.1.10. To see what policies are using this Address we can use the following:
#diag sys checkused firewall.address:name 'WWW_Server'
Fortigate | Fortinet Antivirus
January 27th, 2012 admin Hello,
It this post i will talk about the AntiVirus feature of Fortigate. Since the firewall from Fortinet has a lot of features it is normal that AntiVirus is one of them.
The processing of the Antivirus application goes as following:
1. File Filter -first it checks if any files match a file filter defined by you. Ex: block any “.exe” files
2. Virus Scan – it then scans the file for known viruses
Fortigate Tutorial – Authentication
January 26th, 2012 admin
Fortigate Tutorial 4 – Authentication
The Fortigate aplience support different types of authentication.
Let’s discuss them here:
1. LDAP
Fortigate support all servers that are LDAP compliant. It supports up to LDAPv3
Also LDAP over SSL/TLS is supported. One downside of using LDAP is that the Fortinet firewall does not supply any information on why the user authentication failed. For the reason you must check the Server itself.
2. Local Users
You can define local users on the Fortigate itself, by defining a user name and a password for the user.
3. RADIUS
Radius is also supported on the Fortigate. For this you just define a RADIUS server and define the shared key between the RADIUS server and the FG.
Fortigate Tutorial – Fortiguard
January 26th, 2012 admin
Fortiguard Services
Fortinet provides a world wide coverage of Fortiguard sevices through the Fortiguard Serice Points. The communication between your FortiGate appliance and the Fortiguard Service Points is possibled on port UDP 53 but it can also be changed to port 8888.
Since Fortigate firewalls are placed all over the world, the use DNS so you can get the closest one to you.
The updates issued by Fortiguard can only be received on port UDP 9443, so be carefull to not have this port closed.
Caching is available for the following UTM appliances: Web-Filter and AntiSpam. This option is strongly recommeded as it imporves performance by reducing Fortigate unit registration to the Fortiguard service. The space that cache uses is only a small percentage of the System memory that the firewall can have.
In the situation that the cache is full, the oldest cache is deleted.
You also have a TTL option that controls the number of seconds to store the IPs and URLs that the Fortiguard service provides before contacting it again.
