There is no excerpt because this is a protected post.
The post SAML 2.0 FSSO with FortiAuthenticator and Centrify appeared first on Fortinet Cookbook.
↧
SAML 2.0 FSSO with FortiAuthenticator and Centrify
↧
Redundant Internet with SD-WAN
This recipe provides an example of how you can configure redundant Internet connectivity for your network using SD-WAN. This allows you to load balance your Internet traffic between multiple ISP links and provides redundancy for your network’s Internet connection if your primary ISP is unavailable. Find this recipe for other [glossary_exclude]FortiOS[/glossary_exclude] versions 5.2.0 | 5.2.1 + ...
The post Redundant Internet with SD-WAN appeared first on Fortinet Cookbook.
↧
↧
VXLan over IPsec using VTEP
This scenario is intended for network engineers who are familiar with the FortiGate platform and are looking for an example FortiOS 6.0 configuration. It does not include all of the required configuration steps but the intention is to provide the information you need to implement VXLAN over IPsec. In this article we cover a VXLAN over...
The post VXLan over IPsec using VTEP appeared first on Fortinet Cookbook.
↧
Episode 17: FortiGate Troubleshooting – Tools and Methodologies
Send us your questions! We’re looking to do a Q&A episode of FortiCast and we need your help. If you have a question that needs an answer, email us at forticast@fortinet.com. Information about tools and methodologies you can use to troubleshoot your FortiGate. Troubleshooting resources Fortinet Documentation Library FortiOS Handbook FortiCloud Fortinet Knowledge Base Security...
The post Episode 17: FortiGate Troubleshooting – Tools and Methodologies appeared first on Fortinet Cookbook.
↧
VXLan over IPsec using VTEP
This scenario is intended for network engineers who are familiar with the FortiGate platform and are looking for an example FortiOS 6.0 configuration. It does not include all of the required configuration steps but the intention is to provide the information you need to implement VXLAN over IPsec. In this article we cover a VXLAN over...
The post VXLan over IPsec using VTEP appeared first on Fortinet Cookbook.
↧
↧
Episode 45: Q&A #2
In this episode, we answer listener questions about FortiCloud, wireless intrusion detection system (WIDS), logging solutions, sandboxing, simplified deployment and configuration management, FortiDeceptor, and common mistakes with Fortinet deployments. If you have any questions you’d like us to answer in our next Q&A, send them to forticast@fortinet.com. Resources FortiGateCloud 7-Day Trial FortiGuard Application Control Submission...
The post Episode 45: Q&A #2 appeared first on Fortinet Cookbook.
↧
Episode 50: FortiGate Troubleshooting: CPU and memory usage
Members of the Fortinet technical assistance center (TAC) discuss some common issues with FortiGate CPU and memory usage and how to troubleshoot them. Part two of two. Troubleshooting resources Fortinet Knowledge Base Troubleshooting Tip : debug flow messages Troubleshooting Tip : First steps to troubleshoot connectivity problems FortiGate log information Technical Note: Details about FortiOS...
↧
Filtering WiFi clients by MAC address
In this recipe, you will configure a managed FortiAP to filter client devices based on MAC address. Only authorized devices will have access to the wireless network. In the example, only a single device is authorized, but you can add devices as required. PREP 15 mins COOK 1 min TOTAL 16 mins 1....
↧
Monitoring and suppressing rogue APs
In this recipe, you will learn how to monitor and suppress rogue access points (APs). A rogue AP is an unauthorized AP connected to your wired network (“on-wire”). Before suppressing any AP, confirm that Rogue Suppression is compliant with the applicable laws and regulations of your region. Discovered access points are listed in Monitor > Rogue AP...
↧
↧
SSL VPN to IPsec VPN
In this recipe, you will configure a site-to-site IPsec VPN that allows access to the remote endpoint via SSL VPN. This involves a pre-existing user group, a tunnel-mode SSL VPN with split-tunneling, and a route-based IPsec VPN between two FortiGates. In the example, all sessions need to start from the SSL VPN interface. If you...
↧
Fortinet Security Fabric installation and audit
In this recipe, you will configure a Fortinet Security Fabric that consists of four FortiGates and a FortiAnalyzer. One of the FortiGates will act as the network edge firewall and root FortiGate of the Security Fabric, while the others function as Internal Segmentation Firewalls (ISFWs). Once the network has been configured, a Security Fabric Audit...
↧
Using zones to simplify firewall policies
This cookbook recipe shows how grouping multiple interfaces into a zone can simplify firewall policies. In this example, we create VLAN10, VLAN20, and VLAN30 and add them into a zone called the “[glossary_exclude]LAN[/glossary_exclude] Zone.” Instead of having to reference all 3 interfaces separately as a source interface in our firewall policy, we can just use...
↧
Episode 21: Fortinet Security Fabric
FortiCast is back with a new episode (and a new host!). This episode focuses on the Fortinet Security Fabric, examining how it works and what problems it solves. Security Fabric resources Security Fabric website Security Fabric documentation The Security Fabric Collection Security Fabric video playlist Subscribe to FortiCast
↧
↧
Content Disarm and Reconstruction (CDR)
This recipe has been moved. For the updated content, go here.
↧
DNS Filtering
This recipe has been moved. For the updated content, go here.
↧
High Availability with FGCP (Expert)
This recipe has been moved. For the updated content, go here.
↧
Configuring ADVPN in FortiOS 5.6
This recipe is an updated version of our FortiOS 5.4 recipe covering ADVPN basics. ADVPN (Auto Discovery VPN) is an IPsec technology based on an IETF RFC draft (https://tools.ietf.org/html/draft-sathyanarayan-ipsecme-advpn-03). In simple terms, ADVPN allows a traditional hub and spoke VPN’s spokes to establish dynamic, on-demand direct tunnels between each other so as to avoid routing...
↧
↧
Site-to-site IPsec VPN with overlapping subnets
This recipe has been moved. For the updated content, go here.
↧
Enterprise FortiSwitch Secure Access
This cookbook article documents a highly resilient 2-tier FortiSwitch architecture (faster convergence) that take advantage of the full performance (bandwidth utilization) offered by MCLAG (multichassis LAG). The FortiGates, for the exercise, are under FortiOS 6.0.1 and FortiSwitch at 6.0 or 3.6.6 (depending on platform compatibility). FortiSwitch must be at least at 3.6.4 in order to...
↧
SAML 2.0 FSSO with FortiAuthenticator and Google G Suite
In this example, you provide a Security Assertion Markup Language (SAML) FSSO cloud authentication solution using FortiAuthenticator in conjunction with Google G Suite. The FortiAuthenticator acts as the authentication Service Provider (SP) and Google as the Identity Provider (IdP). The FortiGate has a WAN IP address of 172.25.176.92, and the FortiAuthenticator has the WAN IP address...
↧