Category Archives: Fortinet

OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga

Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab network diagram and the configuration commands/screenshots for all devices. Furthermore, I am listing some basic troubleshooting commands. In the last section, I provide a Tcpdump/Wireshark capture of an initial OSPFv3 run.

I am not going into deep details of OSPFv3 at all. But this lab should give basic hints/examples for configuring OSPFv3 for all of the listed devices.

Continue reading OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga

Policy Routing on a FortiGate Firewall

This is a small example on how to configure policy routes (also known as policy-based forwarding or policy-based routing) on a Fortinet firewall, which is really simple at all. Only one single configuration page and you’re done. ;)

Continue reading Policy Routing on a FortiGate Firewall

IPsec Site-to-Site VPN FortiGate <-> FRITZ!Box

Hier kommt ein kurzer Guide wie man ein Site-to-Site VPN zwischen einer FortiGate Firewall und einer AVM FRITZ!Box aufbaut. Anhand von Screenshots zeige ich die Einrichtung der FortiGate, während ich für die FRITZ!Box ein Template der *.cfg Konfigurationsdatei bereitstelle.

Continue reading IPsec Site-to-Site VPN FortiGate <-> FRITZ!Box

Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.

Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.

Continue reading Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

Site-to-Site VPNs with Diffie-Hellman Groups 19 & 20 (Elliptic Curve)

Similar to my test with Diffie-Hellman group 14 shown here I tested a VPN connection with elliptic curve Diffie-Hellman groups 19 and 20. The considerations why to use these DH groups are listed in the just mentioned post – mainly because of the higher security level they offer. I tested the site-to-site IPsec connections with a Juniper ScreenOS firewall and a Fortinet FortiGate firewall. (Currently, neither Palo Alto Networks nor Cisco ASA support these groups.)

Continue reading Site-to-Site VPNs with Diffie-Hellman Groups 19 & 20 (Elliptic Curve)

IPsec Site-to-Site VPN FortiGate <-> Cisco Router

This blog post shows how to configure a site-to-site IPsec VPN between a FortiGate firewall and a Cisco router. The FortiGate is configured via the GUI – the router via the CLI. I am showing the screenshots/listings as well as a few troubleshooting commands.

Continue reading IPsec Site-to-Site VPN FortiGate <-> Cisco Router