Reverse Web Filtering might give you data...

Serving information behind FortiGates, I thought about why not actually leveraging Web Filters on my HTTP/HTTPS access granting policies, in order to enforce that requests go toward a single domain name only. It turns out that denying access based on Reverse Web Filtering wasn't really suited to my requirements,…

vLANs inside VXLAN over IPsec

I've recently posted a quick post on LinkedIn about a feature from FortiOS 6.2. It turned out I've received many private messages asking for more in-depth information. Hence this article. Let's dissect a bit how we could leverage this on FortiOS: Using set encapsulation vxlan on an IPsec phase1…

Editing, adapting and replaying PCAP'ed traffic.

I've been recently tasked with the analysis of 3rd party provided sniffed traffic. The task consisted of replaying captured traffic through a FortiGate in order to potentially match triggered Application Control signatures.…

Inject FortiGate IPS log source IPs into Threat Feeds

A quick article on how to extract source IPs from FortiGate IPS logs. You can quickly export your IPS log entries from your FortiGate units directly from the GUI. From Log & Report > Intrusion Prevention: You'll gather a text-based log file containing complete log entries per event, something like…

Setting your default wanted columns on your FortiGate policies/GUI

This will be a quick one: I've recently found out about this cool possibility within FortiOS. You can select the default policy columns displayed within the GUI. This setting is per vDOM though. In this example, I'm adding the Active Sessions column per policy: config system settings set gui-default-policy-columns…

Clean up your traffic with a FortiGate Transparent vDOM

In order to simplify my Mr. Proper policies management, I thought about why not instantiating a FortiGate Virtual Domain implemented as L2/Transparent in order to leverage the dirty job of cleaning all the inbound traffic just ahead of my main NAT/Route vDOM.…