gotonet的专栏

DNS translation translates IP addresses in packets sent by a DNS server from the internal network to the external network. Use DNS translation if you have a DNS server on your internal network that

1.         全球技术论坛：http://support.fortinet.com/forumFortiNet2.         中国技术论坛：http://bbs.fortinet.com.cnFortiNet3.         技术资料网站：http://kc.forticare.comFortiNet4.         最新版本：FortiOS V2.80 buil

FortiGate units support L2TP with Microsoft Point-to-Point Encryption (MPPE) encryption only. Later implementations of Microsoft L2TP for Windows use IPSec and require certificates for authentication

Fortigate-800 # config sys global  (global)#  set      modify value unset    set to default value get      get configuration show     retrieve value abort    end and discard last config

Design ConsiderationsThere are two separate considerations when using two Internet uplinks: Link Redundancy and Load Sharing. These two features can be combined or implemented separately.

IntroductionThis configuration demonstrates how to connect a Forticlient to a Fortigate usingDHCP-Over-IPSec feature.  PrerequisitesComponents Usedu    Forticlient V1.0-build207u    Fo

Case ScenarioYou have to two groups of users attempting to access the Internet through the FortiGate. Most users need to be restricted in their access to the Internet. A few select users are permitt

Fortinet Certified Network Security Professional Taining NotesImplmenting FortiGate Security and Content InspectionCourse 925-201b Authorized TainingInstructor: Florence Lau Fortinet Malaysia Sd

This above message may be displayed on the Alert Message Console GUI. It is similar to the “The system has entered conserve mode” Event log message.Explanation:The antivirus engine was low on memo

转载请保留作者信息及出处。测试环境：fortios 3.0 MR2.防火墙策略没有做任何防病毒过滤及保护内容表动作。现象：MSN无法登陆，部分网站同样也无法访问。 一开始我使用的版本为FortiOS 2.8 MR11 build 489，MSN和部分网站可以访问，没有问题，升级到3.0版本后，配置没变，但MSN和部分网站无法登陆，首先，给我的第一印象可能是版本BUG问题，与厂商

1、在防火墙上定义对应的IP－mac对应表config firewall ipmacbinding table    edit 1        set ip 192.167.1.111        set mac 00:0a:eb:7c:16:05        set name "robbie"        set status enable    next

You can use the CLI command config imp2p old-version to block older IM versions than the following at Fortios 3.0: MSN 6.0 ICQ 4.0 AIM 5.0 Yahoo 6.0For details see the For

1，通过超级终端或其他工具，连接CONSOLE口，参数设置为默认即可，特别的例外，例如，Fortigate-300（A），速率为115200.其他相同。2，使用交叉线连接防火墙的internal口，A系列产品的接口为自适应。3，重新启动防火墙，出现如下提示：   Ver:03000300Serial number:FGT-602103243758RAM activation

如果用户忘记默认的"admin" password (or any other admin access), 如下为恢复密码的过程,仅供参考:1. Connect a PC serial (com port) to FG console.2. Bring up Hyper Terminal using proper setting.3. At the console login prompt, t

FORTINET DHCP CONFIGURE:config system dhcp server    edit "DHCP"        set default-router 192.168.3.254        set end-ip 192.168.3.253        set interface "internal"        set lease-time 17280

PROCEDURE TO FORMAT AND RECOVER THE HARD DISK---------------------------------------------------------Needed tools for this procedure :- a terminal client (windows hyperterminal, linux minicom...)

How do I configure an interface to use link aggregation using CLI commands?If port 2 and port 3 are available, the following CLI commands create an aggregate called "link_agg" with an IP/netmask of

Problem: Certain web sites are not viewable. The Fortigate is configured to use PPPoE to connect to the ISP.Solution: Use the "tcp-mss" interface option.Topology:HTTP Client----(internal)FGT(ppp

FortiGate units by default do not accept TCP or UDP connections on any port (except TCP port 443 HTTPS connections on the default internal interface for administration). This reduces the possibility o

FortiGate Configuration1. Area configuration:Fortigate-500 # config router ospf(ospf)# config area(area)# edit 0.0.0.1new entry 0.0.0.1 added(0.0.0.1)# end2. Network configuration:(ospf)# co

The FortiUSB key enables you to backup and restore configuration files and auto install firmware images.Note: The FortiGate unit can only use a FortiUSB key.Inserting and removing the FortiUSB key

Network traffic originating from FortiGate units (not passing through FortiGate units) is used for sending log messages to remote log servers, sending SNMP traps, resolving network names using DNS,

All FortiGate models with v2.80Session or connection attempts that are established to a FortiGate interface, are by default not logged if they are denied.  The following can be configured, so that t

What is link aggregation?Link aggregation, otherwise known as IEEE 802.3ad standard, allows the grouping of interfaces into a larger bandwidth trunk. It also allows for high availability (HA) by a

When a FortiOS v3.0 cluster is operating, the FGCP assigns virtual MAC addresses to each primary unit interface. The FGCP uses virtual MAC addresses so that if a failover occurs, the new primary uni

Limiting bandwidth requires two steps Create an address name for youtube.com Create a traffic shaping firewall policy This policy will only affect traffic between users and YouTube,

IntroductionThis document describes how to configure virtual domains in Transparent mode to provide AV/IPS protection in an 802.1q VLAN trunk environment. In a typical 802.1q VLAN trunk environmen

This article describes how to manually test an IP address connecting to your SMTP server to verify whether it is considered a Spam source by various RBL/ORDBL/DNSBL services.This example uses a Micr

About virtual IPsVirtual IP (VIP) addresses enable users from outside a private network to access services inside that network. Under normal circumstances, this is not possible because Internet rout

About redundant interfacesYou can combine two or more physical interfaces to provide link redundancy, to ensure that Internet services remain active if one physical interface fails.You can set u

IntroductionAll FortiGate units have a powerful packet sniffer on board. If you know tcpdump you should feel comfortable using the FortiGate Sniffer.Additional sniffer tips can be found in the F

About redundant interfacesYou can combine two or more physical interfaces to provide link redundancy, to ensure that Internet services remain active if one physical interface fails. You can set

Unless you are doing this to resolve an outage, plan this firmware installation because there will be an outage from when you reboot the FortiGate unit until it restarts with the new firmware.  Co

Runtime-only config mode is a temporary mode where the commands you enter do not automatically become part of the saved FortiGate configuration. This enables you to make changes with the knowledge tha

cisco 3745 router config:Router#sh runBuilding configuration...Current configuration : 3002 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service p