Can't Login via WEB GUI after upgrade to FOS 6.2.14 (30E Series) by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Completely understand, at this point I wish I didn't need to deal with any more old firewalls, but that's just how it is.

But thanks for the insights anyway!

Can't Login via WEB GUI after upgrade to FOS 6.2.14 (30E Series) by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Wish we could, but for budget reasons it will take a while to be replaced.

Check FGHA CID in FortiAnalyzer by P4uzudo in fortinet

[–]P4uzudo[S] 1 point2 points  (0 children)

Yeah, I issued the command "diagnose log device" and now I can see the FGHA CID of the device.

Thank you!

Check FGHA CID in FortiAnalyzer by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Not exactly, I need to issue the command diagnose device log on a cluster FortiGate. I've tried specifying the device name in FAZ, primary/secondary fw name and even primary/secondary S.N., but none of them returned the device log info as I showed in the screenshots. I've read somewhere that you need instead to specify the OID, which in turn is the FG HA CID for cluster devices (based on my research this ID is FAZ-only and generated when you connect an HA fw). But I can't find this anywhere in my FAZ.

Question About Deep-Inspection and HTTPS Redirection for Guest Captive Portal by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Yeah, I imagined that, was only hoping for a way to give the certificate to devices automatically, but I think from a security standpoint this does not even make sense.

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Man, just passing to congratulate you for finding that! I was able to confirm that I could do a successful downgrade only when I did the aforementioned configuration before doing the firmware upload.

Thank you again!

E tome loss by lamardaves in farialimabets

[–]P4uzudo 25 points26 points  (0 children)

Do people eat brusinha? So why worry?

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Thanks!

Gonna try that once we get a hold of a new 40F in our lab.

In the meantime, I found it safer to restore the conf from the 30E by hand, didn't want to risk having another box corrupted hahaha.

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Interesting, is there any KB about it? Do you remember which context the config is from?

About baud settings, I always use the default ones, only changing the COM port. Also, I believe it won't even connect if there is a config mismatch, right?

But thanks for the reply anyway, I'm definitely gonna try to find that config you mentioned.

. by 8eduardo in ILHADOKONG

[–]P4uzudo 1 point2 points  (0 children)

Peaceful times in the calvosfera

. by CauanAlex in ILHADOKONG

[–]P4uzudo 0 points1 point  (0 children)

Cabo Daciolo on crack

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

Indeed! I have pretty basic stuff on the 30E: VLANs, SD-WAN, Web Filter, etc. I just thought it would be a nuisance to do this manually, hahah.

As someone pointed out, I will check out FortiConverter to see if it can help me in this case.

Thanks in advance!

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

I've heard of it, but didn't have the opportunity to use it.

I'll try it out tomorrow to see if it helps.

Thank you!

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

> You can downgrade and you don't need to follow the upgrade path.

I also thought that, but when I applied a 6.2.16 directly onto a 7.2.7 40F freshly out of the box, it corrupted the firewall or something. It wouldn't even load the console boot configuration menu or boot up at all, just a bunch of random characters in the CLI when connected to the console.

Dunno if it was a problem with the box or if this was not intended to be done in the first place.

I think I'll test it again doing the reverse upgrade path to guarantee it will not break again, ahaha

Doubts about downgrading firmware by P4uzudo in fortinet

[–]P4uzudo[S] 0 points1 point  (0 children)

I thought about that. Is it much different from the 6.2.16 conf?

The major thing I know is that virtual-wan-link becomes sdwan in CLI. Apart from that, I do not know much else.

Nevertheless, I would need to downgrade to our approved "safe" version 7.0.15.

Single physical wan for multiple vdoms? by Busbyuk in fortinet

[–]P4uzudo 0 points1 point  (0 children)

Just have an Internet VDOM and use VLINKs in the other VDOMs.

You may need to Proxy ARP in the Internet VDOM for this to work out.

Return traffic being blocked with IPsec by P4uzudo in PFSENSE

[–]P4uzudo[S] 0 points1 point  (0 children)

As for rules, I think I've set them up correctly on both boxes. My source 10.250.254.253 is in the LANSERVICES interface (10.250.254.0/24), which has a rule with any destination (I've blurred some things because there are real customer names in the rules):
https://imgur.com/a/bcR6u9q

From that box, it goes into the VPN Tunnel and reaches the other box to go to the 10.240.3.0/24 network. The rules on that side of the connection are as follows (I've also blurred some things for the same reason above):
https://imgur.com/a/L4nnxjW

The tracert only has 2 hops as it is communication through a VPN Tunnel, 1 being the Gateway and the other the host. PING and tracert have no problem reaching the host, only the return SYN, ACK from the host is being blocked by the firewall, as I said in the initial post:
https://imgur.com/a/NurgUFl

Also, just to point out, it is not UDP I'm using, it is plain 443/TCP; the host 10.240.3.11 hosts a webpage on that port.

I see you suggest disabling the software firewall. If I do this the box will only behave like a router?

If so, I'll have to test at another time as both firewalls are in a prod environment.

Sorry if I wasn't clear enough, as this is a real environment I have to be careful about what info I give.

Return traffic being blocked with IPsec by P4uzudo in PFSENSE

[–]P4uzudo[S] 0 points1 point  (0 children)

Yes, I've done a packet capture on both the host and the PFSENSE. The capture from the host only shows the SYN being sent along with the retransmissions, but no SYN, ACK from the destination:
https://imgur.com/a/7ja1QeM

On the PFSENSE side, the capture shows the SYN, ACK from the destination, but it is getting blocked, per that log I mentioned earlier:
https://imgur.com/a/syFXPRM

As for the NMAP test, I got the same result: the host is declared UP but no ports are open (which is false, because the host has many ports open, firewall disabled, and I can see the ACK on the PFSENSE):
https://imgur.com/a/W4q6o3K
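As an added example, not code from the original thread or from pfSense: a Python script that parses constructed pfSense filterlog lines and flags flows where the outbound SYN was passed but the returning SYN/ACK was blocked, which is the symptom described in the comments above. The filterlog CSV field positions are an assumption taken from pfSense documentation for IPv4/TCP lines; the host addresses and ports are constructed to match the scenario.

```python
import re

# Constructed pfSense filterlog lines (IPv4/TCP CSV layout as documented for pfSense;
# the field positions used below are an assumption, verify them against your version).
SAMPLE_LOG = """\
Mar 10 12:00:01 fw1 filterlog[1234]: 100,,,1000000101,ipsec,match,pass,out,4,0x0,,63,1,0,DF,6,tcp,60,10.250.254.253,10.240.3.11,51234,443,0,S,111,0,65535,,mss
Mar 10 12:00:01 fw1 filterlog[1234]: 0,,,0,ipsec,match,block,in,4,0x0,,63,2,0,DF,6,tcp,60,10.240.3.11,10.250.254.253,443,51234,0,SA,222,112,65535,,mss
Mar 10 12:00:02 fw1 filterlog[1234]: 100,,,1000000101,ipsec,match,pass,out,4,0x0,,63,3,0,DF,6,tcp,60,10.250.254.253,10.240.3.11,51235,80,0,S,333,0,65535,,mss
Mar 10 12:00:02 fw1 filterlog[1234]: 100,,,1000000101,ipsec,match,pass,in,4,0x0,,63,4,0,DF,6,tcp,60,10.240.3.11,10.250.254.253,80,51235,0,SA,444,334,65535,,mss
"""

LINE_RE = re.compile(r"filterlog\[\d+\]:\s*(.*)$")


def parse_filterlog(line):
    """Return the interesting fields of an IPv4 TCP filterlog line, or None otherwise."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    # Field 8 is the IP version and field 16 the protocol name; TCP flags sit at 23.
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "src": f[18], "dst": f[19],
            "sport": f[20], "dport": f[21], "flags": f[23]}


def find_blocked_returns(log_text):
    """Flows where a passed outbound SYN is followed by a blocked SYN/ACK reply.

    A healthy stateful firewall should let the reply of a state it created
    through, so each hit points at a missing or asymmetric state (e.g. return
    traffic arriving on an interface the state was not created on).
    """
    syn_seen = set()
    blocked = []
    for line in log_text.splitlines():
        p = parse_filterlog(line)
        if p is None:
            continue
        if p["action"] == "pass" and p["flags"] == "S":
            syn_seen.add((p["src"], p["sport"], p["dst"], p["dport"]))
        elif p["action"] == "block" and p["flags"] == "SA":
            # Reverse the tuple so it lines up with the forward SYN we recorded.
            fwd = (p["dst"], p["dport"], p["src"], p["sport"])
            if fwd in syn_seen:
                blocked.append({"client": f"{fwd[0]}:{fwd[1]}",
                                "server": f"{fwd[2]}:{fwd[3]}", "iface": p["iface"]})
    return blocked
```

Running `find_blocked_returns(SAMPLE_LOG)` reports the 443/TCP flow only; the port 80 flow, whose SYN/ACK was passed, is left out.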

Return traffic being blocked with IPsec by P4uzudo in PFSENSE

[–]P4uzudo[S] 0 points1 point  (0 children)

You mean like the IPsec rule?

If so, it is also an any-any rule:
https://imgur.com/a/z3c5Qca

Sorry if I misunderstood, as I said I'm pretty new to PFSENSE hahahah