วีดีโอ

Excellent!😊

Hi Sir, I have some questions confusing me. The CTAP config file was withou any policy, routing etc. If I restore the CTAP file to my FG, will cause all my configuration gone right? Hope can get you reply. Thanks a lot.

Dude, you are all over the place. Write a scrip then teach, you make my head hurt.

Thanks bro. Could you provide me personal training session ?

Sir, I need to forward multicast IP packets coming from a MPLS router through the Fortinet Fortigate 60F firewall. I have configured the firewall as follows : 1) Under network--->interfaces---> two ports have been configured, one as "INPUT" (to receive data from the router) and other as "OUTPUT" (to send data). The "INPUT" port IP address is in the same IP group as the router port to which it is connected. The "OUTPUT" port IP address is of a different group. 2) Under policy & objects--->addresses--->total five (05) multicast IPs have been defined. Interfaces have been set to 'all/any'. 3) Under policy & objects--->multicast policy--->Input interface is set to "INPUT", output interface to "OUTPUT", source address to "ALL/ANY", destination address to the five (05) multicast addresses that have been already defined. Protocol is set to UDP with port range from 1 - 65535. Strangely, I am getting only one multicast IP on the "OUTPUT" port. I mean, the firewall is forwarding only one multicast group from INPUT to OUTPUT port. It will be very helpful for me if you can provide any solution for this.

Sir, I need to forward multicast IP packets coming from a MPLS router through the Fortinet Fortigate 60F firewall. I have configured the firewall as follows : 1) Under network--->interfaces---> two ports have been configured, one as "INPUT" (to receive data from the router) and other as "OUTPUT" (to send data). The "INPUT" port IP address is in the same IP group as the router port to which it is connected. The "OUTPUT" port IP address is of a different group. 2) Under policy & objects--->addresses--->total five (05) multicast IPs have been defined. Interfaces have been set to 'all/any'. 3) Under policy & objects--->multicast policy--->Input interface is set to "INPUT", output interface to "OUTPUT", source address to "ALL/ANY", destination address to the five (05) multicast addresses that have been already defined. Protocol is set to UDP with port range from 1 - 65535. Strangely, I am getting only one multicast IP on the "OUTPUT" port. I mean, the firewall is forwarding only one multicast group from INPUT to OUTPUT port. It will be very helpful for me if you can provide any solution for this.

what would be the DNS server configured in FAC?

thank you for your help

Thanks for the video, question here, after adding the info of the new devices in the csv, we have to authorize it manually in the FMG? I want to import a device via IPSEC while devices are in remote locations. It means I have to get a ipsec-mgmt tunnel up before pushing the config via csv? If you could make a video around it, would be great to see. I guess in most cases this use case is very usually implemented. Thank you for the series, great efforts. New subscriber 😊

Subscribed - great video

Hey buddy! May I ask, using SSO with deep packet inspection configured, can I still exclude certain category of websites like finance without any problem?

Great video and explanation of this topic. I'm just getting started with Fortigate and looking forward to more of your videos. Thank You

Good video. I just bought my fortigate and thought it was protecting me but it wasn't.

Excellent! Thank you for these videos.

Golden! Thank you 😊

Thanks dude

Hello, I would like to ask three questions 1. Is there an architecture diagram of this video, including all IP addresses? 2. Is there any pre-configuration that needs to be completed at the beginning of this video, such as IPSEC VPN SDWAN, and then set up after the VPN is established? 3. Regarding FAZ IP, I don’t know much about it here. Are the FAZ IPs of HUB and SPOKE the same? If so, do all the points need to be connected to the same FAZ in the front end?

What event did you use at 2:55 to detect WAN1 sdwan is down or up? SDWAN status warning? or?

Thank you for the video. I do have a question: Why in the case of internal traffic leaving to internet we need to apply even the IPS Signatures and Filters ? Is it just enough to enable Block Malicious URLs and Outgoing Connections to Botnet Sites ? so you can save memory and cpu ?

Hey, I know Dave!

Forgive me, I am pretty new to Fortinet equipment and still learning. What benefit would there be to use this if I were to use FortiManager in an enterprise? Would this work the same as a ADOM in FortiManager which shares a policy and object database with devices in the same ADOM? Great video and fantastic explanation! Thank you!

Thanks for this!

Very helpful video, nice and clear, thanks.

Commendable attitude on sharing your knowledge my brother, but i got a question that is bothering me and acctually made me stuck with the firewall study. I got an Fortigate 7.4 running in VMWare, and there is a LAN segment where i put the VMs i'm using as a lab, and even with he Fortinet_CA_SSL.cer installed on both OS and browser, i still got the same error, and it does not allow me to "Accept the risk and continue". I've litterally have done only this, created a permissive policy and added the SSL inspection, as soon as i turn off the inspection, it turns back to work propperly. THE ERROR "Firefox detected a potential security threat and did not continue to www.google.com because this website requires a secure connection." Thank you for your content, hope you see my comment, peace for you my man.

Great video!

Good video! In my case when i enable the proxy arp, there's no need to configure a policy because allows all traffic automaticaly. I don't want to allow all the traffic, but when i create the policy it still allows all, any suggestions?

Like the video but increase the font size on the cli

Can I set up security fabric without FortiAnalyzer?

unfortunately many countries like china use DPI in order to filter the internet

Can you please help me with setup ZTNA + NPS extension (AZURE) to provide the MFA when HTTPS and TCP forwarding ZTNA?

Thank you!

Awesome work! Keep it going!

I'm really happy this feature got carved out of the DLP feature

Very helpful examples!

Hopefully we get to enjoy Web Filtering for a while longer before Encrypted SNI grows in adoption and will start to require Deep Packet Inspection to work

many organizations don't realize the FortiGate (or any other NGFW) is way less powerful with Deep Packet Inspection, good points Chris.

we're starting to look into FortiFlex too at our MSSP. We're hinging on starting off using it as a flexible pool of points to spin up lab environments in a private cloud environment and "PAYG".

Great video, thanks for sharing. New subscriber

In my experience, customers rarely care about intra-VLAN communication. They should be caring though. Enabling this FortiGate/FortiSwitch-feature brings the neccesary extra visibility and enforcement controls like you showed us. Good video Chris!

Good find! Was it the following article you stumbled upon? belegdal.wordpress.com/2019/03/11/serial-access-to-fortiswitch-108d-via-netcat/

While being aware of the CTAP program, I haven't used it. Maybe I should have. Thanks for showing us how the process looks, very interesting!

When I initially encountered FortiDeceptor as a new product, I was quick to label it a honeypot. Since it came out, it has definitely proven itself way more capable than just a honeypot.

having this kind of device posture / compliance checking for network-level access to a network resource is killer and I bet we'll see a steep rise in the adoption of technologies like these moving forward

I've had the pleasure of meeting Vincent during an Xperts event in the Benelux on FortiPAM, very smart guy and loved listening to his presentation.

UDP support for ZTNA (TFAP? UFAP?) along with pre-logon connectivity would be game changers

wondering if Fortinet is using their own "Endpoint Vulnerability" signatures for this scanning or a third party engine, and if Fortinet will ever (re)publish a network-based vulnerability scanner for self hosting.. :)

these screens are huge!

Looking forward to the existing and future content!

hey bro, thanks for these

What are the requiremnts so that one will be working FORTINET TAC support