Tags: Fortigate

Disable SIP Fixup Protocol

Disable SIP ALG on FortiGate. FortiGate CLI (only):

    # config system settings
    # set sip-helper disable
    # set sip-nat-trace disable
    ! reboot the Fortigate
    # exec reboot
    ! Log back in, CLI. Locate the session-helper number, typically 12.
    # config system session-helper
    # show
    # delete 12
    ! Disable RTP –
    # config voip profile
    # edit default
    # config sip
    # set rtp disable […]


Fortigate Policy Sectional View Missing

Logging into a Fortigate (v4.0,build0513,120130 (MR3 Patch 5)), you may lose the “Sectional View” option. Typically this is caused by a bug prior to MR3p4 or having policy interfaces set to “any” “any”. settings on any policies to prevent it either. How do I get sectional view back? Fix? # config system global # set […]


SSL Clients accessing remote networks

I came across the need to allow SSL VPN clients to access remote networks beyond the SPOKE firewall. In this instance, we have an IPsec LAN-2-LAN VPN tunnel between two points, which we’ll call HQ and Sister-Company. A remote user accessing the HQ firewall needs access to the Sister-Company file server. Instead of configuring another […]


Extended Ping – PART II FORTINET

Fortinet has the same ability to ping from a particular interface. On a Fortigate, simply enter in the CLI:

Assumptions:
Internal: 192.168.42.1
DMZ: 192.168.100.1
WAN1: 10.10.100.254
Customer Side Network: 172.15.30.1

    # exec ping-options source 192.168.100.1 (The interface IP you want to source from – in this case the DMZ interface)
    # exec ping 172.15.30.1

Pings […]
