Backtrack:  
Blog
 
showing posts tagged with 'fortigate'
 
How to debug FortiToken activation mails on FortiGate
edited by on March 15th 2021, at 16:46
The most easy way to debug the sending of the FortiToken activation e-mails from a FortiGate firewall is by using the CLI debugging tools. The sending of activation e-mails is part of the alerts e-mail system so we need to enable debugging on that system.

To enable debugging from the CLI:

diag debug resetdiag debug enablediag debug console timestamp enablediag debug application alertmail -1

Sending the activation e-mail will output the e-mail contents and the SMTP session. Particularly useful are the SMTP return codes after each SMTP command. See this page on Wikipedia to see a list of return codes.

The debug session will remain active for 30 minutes after which it will stop automaticall  ...
 
Disable FortiClient auto start on macOS
edited by on June 26th 2020, at 12:34

By default, the FortiClient will start up automatically when starting macOS. This may not always be desirable but fortunately, auto-start can be disabled quite easily.

The FortiClient launch agent is located at /Library/LaunchAgents/com.fortinet.forticlient.fct_launcher.plist. Use any text editor to open and edit this file, but you probably will need to do this using Terminal and using sudo to launch a text-based text editor (e.g. vi or nano).

With the file open, look for these lines:

<key>RunAtLoad</key>
<true/>

Change true to false and save the file. Note that updates to the FortiClient may overwrite the change.

 
Fortigate: configure DNS search domain (suffix) for SSL VPN and IPSEC
edited by on March 13th 2019, at 13:49

Currently, it is not possible to configure the DNS suffix (search domain) for SSL VPN and IPSEC tunnels through the GUI, but it can be configured using the CLI.

For SSLVPN:

config vpn ssl settings
set dns-suffix example.com example.org
end

For IPSEC:

config vpn ipsec phase1-interface
set domain example.com
end

Changes are effective immediately. After configuring the setting, users will be able to resolve names using single names instead of FQDN.

 
Debug and troubleshoot an IPSEC VPN tunnel on a FortiGate
edited by on June 24th 2015, at 11:10
The logging on a FortiGate firewall is very scarse, making it difficult to troubleshoot issues. This can especially be a problem when setting up a site-to-site IPSEC VPN tunnel. Although the web interface doesn't provide much information for troubleshooting and debugging, the console does when debugging is enabled.

On most (if not, all) FortiGate appliances, you can access the console through the web interface. It usually can be found on the Dashboard (> Status).



As it says, click on the console to activate it.

Enabling debugging for all IPSEC VPNs means we enable debug mode on "IKE". This is done by the following series of commands.

If any debugging is already in progress  ...
 
Fortinet SSO agent connection password
edited by on June 5th 2015, at 14:53

A note of caution: when installing the Fortinet SSO Agent on a server, the option to secure connections from a FortiGate with a password is enabled by default, and a random password is assigned.

You have to turn off or change the password before you add the SSO agent in your Fortigate.

There's no mention of this in the manuals, so now you know...

 
FortiClient refuses to (re)-install with "no updates found" message
by on January 1st 1970, at 01:00
I recently ran into an issue where my FortiClient app on macOS no longer worked and I had to reinstall it. Unfortunately, if the installer detects it is already installed, it refuses to install and instead, simply attempts to update it, concludes there's no new version, and ends with the message "No updates found". The official solution is to use the FortiClient Uninstaller app, which can also be found in the /Applications, but if that's no option, you're seemingly stuck.

Fortunately, there's an easy way out by manually removing the app files, then rerunning the installer.

First, using Finder, completely remove the following apps (remove and remove from Bin):

FortiClient

FortiC  ...
 
 
showing posts tagged with 'fortigate'
 
 
« April 2024»
SunMonTueWedThuFriSat
 123456
78910111213
14151617181920
21222324252627
282930    
 
Links
 
Quote
« Most people tend to avoid true conflict. Ironically this breeds more conflict. »