Fortigate Tutorial – Logging and Alerts

Here is the 2nd Tutorial that i created, hope you enjoy this one too.


Logging and Alerts 

[singlepic id=3 w=320 h=240 float=]

Fortigate can store its logs in the following:

1. Local HDD – this option can be enabled from the CLI

2. FortiAnalyzer – this is my favorite. It is a device to which Fortigate sends all the logs and then you can create pretty reports.

This option can be enabled by providing the IP of the FortiAnalyzer(FA) or by using “Automatic Discovery”, but for the automatic discovery you will need to have the FA in the same subnet as the Fortigate.


Fortigate AntiVirus and AntiSpam


Fortigate AntiVirus and AntiSpam


As we all know Fortigate provides a lot a features for only one device.

Let’s see how some of them work:

I. AntiVirus 

This tool scans the traffic and applies the following rules:

1. File size – if a file is large that what you define, then this gets dropped

2. File pattern – if a file matches a pattern, it get dropped

3. Virus scan – it scans a file for virus, if it gets a positive then it gets dropped

4. Grayware – scans for grayware programs

5. Heuristic – scans with an heuristic algorithm

6. File type – you can define some types that gets dropped


II. AntiSpam


Fortigate Tutorial – Default Protection Profiles


Fortigate Tutorial 3 – Default Protection Profiles


So you just started using your Fortigate and got the hang of it. You found out that it has some default Protection Profiles.

This tutorial will help you explain the Default Profiles that Fortinet sent its powerful firewall.


1. Strict

This profile applies default protection profiles for HTTP, FTP, IMAP, POP3, SMTP traffic

This protection profile is not normally used since it is to “harsh”

2. Scan

This one is good for virus scanning for the following network traffic: HTTP, FTP, IMAP, POP3 and SMTP traffic.

If your FG has a HDD then if this protection profile catches a virus it will automatically quarantine it.

3. Web

The Web protection profile applies virus scanning and web content blocking to HTTP traffic. This one is the one to use in case you do not define it yourself (as i do 😉 ).

4. Unfiltered

This is pointless. It doesn’t scan or block anything.


Hope this tutorial helped you.

Thank you,



Fortigate Tutorial – Firewall Default Settings


Fortigate Tutorial 1 – Firewall Default Settings

You just bought a Fortigate? I want to tell you from the beginning GREAT PICK!

Much easier to use than the Cisco ASA and a more friendly GUI then ASDM.

[singlepic id=2 w=320 h=240 float=]

So now you added your Fortigate(maybe 50B like in the pic) to the network and you do not know where to go next?


Here are the default settings for almost all of the Fortigate Firewall:





DHCP is enabled by default on the internal interface with the following scope: till

Default username: Admin

Default password: <none>


Now you can connect to the firewall with SSH on port 22 and go from there.

Hope you enjoy the Fortigates as much as i do.


See you in the next tutorial!



Fortigate Troubleshooting – VPN


This is my first post regarding troubleshooting Fortigate devices.

To troubleshoot the Fortigate VPN configuration we will use the following commands:

#diag debug enable
#diag debug console timestamp en #this command shows the time-stamp
#diag debug app ike -1  <- used for v4.0MR1 #diag vpn ike log-filter dst-addr4 <-used from v4.0MR2 to the latest version #diag debug app ike -1

<IP_PEER&gt <- is the ip of the remote peer.


To disable the VPN logging we can use:

#diag debug disable
#diag debug console timestamp dis
#diag debug app ike 0

The following commands show the active VPN tunnels:

#diag vpn tunnel list
#diag vpn gw list