VLAN 200 will work as L2. It must connect to a trunk (tagged) port that allows VLAN 200.
VLAN routing: the FortiGate will route.
Thursday, 28 November 2019
Interface vlan
Wednesday, 27 November 2019
Add a new internet line
1. IP
2. Role lan, wan
3. Interface
4. Distance
5. Policy route
6. Static route
Saturday, 9 November 2019
DHCP problem and view data
Please run the following on the CLI and share with me the output:
1. config system dhcp server
   edit 1
   get
   end
2. Identify the multiple IPs for one device in the DHCP monitor, then run
   get system arp | grep <IP address of the same iPhone>
Example:
get system arp | grep 192.168.0.1
get system arp | grep 192.168.0.2
get system arp | grep 192.168.0.3
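Added example, not part of the original notes or of the support request: when many IPs have to be checked, the full `get system arp` output can be saved and grouped by hardware address offline, which shows at once which MAC holds more than one of the addresses seen in the DHCP monitor. The sample table below is constructed, and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample of `get system arp` output (not taken from the original page).
SAMPLE_ARP = """\
Address           Age(min)   Hardware Addr      Interface
192.168.0.1       0          a4:5e:60:11:22:33  internal
192.168.0.2       3          a4:5e:60:11:22:33  internal
192.168.0.3       1          3c:22:fb:aa:bb:cc  internal
192.168.0.10      7          00:09:0f:09:00:01  internal
"""

# One table row: IPv4 address, age in minutes, MAC address, interface name.
ARP_ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+)\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(?P<intf>\S+)\s*$"
)

def parse_arp(text):
    """Return (ip, mac, interface) tuples; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m:
            rows.append((m["ip"], m["mac"].lower(), m["intf"]))
    return rows

def ips_per_mac(rows, wanted_ips=None):
    """Group IPs by hardware address, optionally limited to the IPs noted in the DHCP monitor."""
    groups = defaultdict(list)
    for ip, mac, _intf in rows:
        if wanted_ips is None or ip in wanted_ips:
            groups[mac].append(ip)
    return dict(groups)

def multi_ip_macs(rows, wanted_ips=None):
    """Return only the hardware addresses that hold more than one IP."""
    grouped = ips_per_mac(rows, wanted_ips)
    return {mac: ips for mac, ips in grouped.items() if len(ips) > 1}

if __name__ == "__main__":
    suspects = {"192.168.0.1", "192.168.0.2", "192.168.0.3"}
    for mac, ips in multi_ip_macs(parse_arp(SAMPLE_ARP), suspects).items():
        print(f"{mac} holds {len(ips)} addresses: {', '.join(ips)}")
```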
Friday, 8 November 2019
Virtual IP, for connecting from outside
1. Create virtual IP
must configure
interface - the one that has the internet line
external IP - public IP or WAN IP
map IP - private IP
enable port forwarding [optional]
protocol
external port
map to port - internal port
Thursday, 7 November 2019
local user authentication
max 4320 minutes (72 hours)
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30760
1. create group
1.1 create user
2. authentication setting timeout(minute)
disable redirect
create policy
address+group or user
Error: authentication fails
Check username & IP in policy
Change password
Restart and reset browser
user authentication
One error that can occur happens when the site you attempt to connect to uses HTTP Strict Transport Security (HSTS). If this is the case, you may get an error message that is impossible to override:
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).
Browsers sometimes recognize that authentication is required and will display a different HSTS error message that allows you to access the login page:
The firewall will use port 1003.
If this error appears, you have the option to open the login page and enter your credentials.
Another error can occur when the common name of the certificate used for HTTPS encryption does not match the URL of the site you are attempting to access:
If this message appears, the best thing to do is browse to a different site and re-attempt user authentication. Once your user credentials have been accepted by the FortiGate, you can access the site that was previously blocked (unless that site is blocked by web filtering).
https://fgt.example.com:1003


