Blah, Cloud.

Adventures in architectures


Enabling IPv6 with DHCPv6-PD and PPPoE on a Fortigate

18/06/2017 by Myles Gray 11 Comments

Out of morbid curiosity (and lack of IPv4 public address space available to me), I decided I wanted to enable IPv6 in my lab. However, before taking the plunge there, I would try it out on my residential ADSL line. I use the same brand of firewall there as in my lab so the experience […]

Filed Under: Infrastructure, Networks Tagged With: fortigate, ipv6, networking

Setting up Duo 2FA for Fortigate admin authentication

31/08/2016 by Myles Gray 8 Comments

I protect any account I have with two factor auth, at least the ones that support it (this site for example has 2FA for admin logon), it’s not that inconvenient (especially not with Authy/Duo) and greatly increases security of your critical accounts. Let’s start with the endgame: However, I haven’t protected my publicly accessible firewall […]

Filed Under: Networks, Security Tagged With: duo, fortigate, ldap, security

Specifying outbound NAT address for policy on a Fortigate

19/06/2015 by Myles Gray 10 Comments

Sometimes you need your devices (say an SMTP server) to have a specific outbound public IP for things like reverse-DNS look-ups to ensure mail delivery and reputation, or maybe you want traffic from particular devices or policies to go out an IP for means of tracking. It is not immediately obvious on Fortigates how to […]

Filed Under: Networks Tagged With: fortigate, IP Pools, NAT

Fortigate Unnumbered IP against PPPoE Interface

12/06/2015 by Myles Gray 1 Comment

Ran into some very strange behaviour on a BT Business Fiber connection with PPPoE and static IPs assigned by the ISP on a Fortigate firewall. A site-to-site IPSec VPN was required, however the tunnel kept terminating as BT assign a dynamic address with the PPPoE connection, then the static IPs are typically ingested through the […]

Filed Under: Networks Tagged With: firewall, fortigate, static ip, unnumbered ip

Fortigate High Availability – Active/Active – Part 2 – Implementation

16/02/2014 by Myles Gray 6 Comments

In Part 1 we got the prerequisites sorted out for the HA (removed all PPPoE or DHCP address assignment from the FG boxes and VLANed a switch to split the inputs between both boxes). Part 2 is considerably easier: the cabling had been done for the VLANs, now we had to designate 2x ports as […]

Filed Under: Infrastructure Tagged With: fortigate, high-availability, networking

Fortigate High Availability – Active/Active – Part 1 – Preparation

11/02/2014 by Myles Gray 5 Comments

I recently set up 2x Fortigate 200B units to run in HA Active/Active mode, this posed a number of challenges:

  • HA doesn’t work if any interfaces use PPPoE or have an address assigned via DHCP
  • How do I effectively split our network communications between both units?

Challenge 1

The main problem was that both the […]

Filed Under: Infrastructure Tagged With: fortigate, high-availability, networking

Changing Fortigate from Switch mode to Interface mode

11/02/2014 by Myles Gray 18 Comments

Fortigate units (the big ones at least) come configured in what is called “switch mode” meaning it groups a number of interfaces together and makes them act as a switch, serves DHCP over these interfaces, etc. Most companies don’t like to use this – instead if we want to up our throughput for a given […]

Filed Under: Infrastructure Tagged With: fortigate, networking

Enabling disk logging on Fortigates

02/12/2013 by Myles Gray Leave a Comment

Fortigate’s logging typically isn’t the best – but it’s bad when you have no logs at all, which seems to be the default. To enable logging

Filed Under: Hardware, Infrastructure, Software Tagged With: fortigate, logging, syslogd

Syslogd on FortiOS 5.0.4

18/09/2013 by Myles Gray 13 Comments

Again, Fortigate’s documentation falls down at the simplest of things, this time, syslogging – To get your Fortigate to log to a syslogger (like Kiwi/Splunk) you’ll need to go in via the CLI as they have removed this option from the GUI as of FortiOS v5.0. Log in via shell and enter the following: config […]

Filed Under: Hardware, Infrastructure Tagged With: fortigate, splunk, syslogd

Change MTU to support Jumbo Frames in FortiOS

09/09/2013 by Myles Gray 5 Comments

This info is quite hard to come across and Fortigate don’t have it in their GUI from FortiOS v5.0+, SSH into your Fortigate’s CLI and enter the following (it can be done on both software aggregated and standard interfaces):

    config system interface
    edit [interfacename]
    set mtu-override enable
    set mtu 9208
    end
    end

Confirm your MTU […]

Filed Under: Hardware, Infrastructure Tagged With: fortigate, jumbo frame, mtu

Myles Gray

Hi! I'm Myles, and I'm a Dev Advocate at VMware. Focused primarily on content generation, product enablement and feedback from customers and field to engineering.
