Currently Browsing: Fortigate

Fortigate CFG_CMDBAPI_ERR Error



It seems there is a new error that i found on a few Fortigate firewalls: CFG_CMDBAPI_ERR


To fix the issue you can do 2 things:

1. Upgrade the Fortigate to the latest version

2. Reboot the IPS of the Fortigate (this is was it causing the issue). Below is the command(through CLI):

diagnose test application ipsmonitor 99


Hope it helps!

Fortigate FortiOS 5 preview


I have found the following video on Youtube that presents the FortiOS 5 in 5 minutes.

The new features look really good.

Check it out:

What do you think?!

Creating a Fortigate VPN



In this post i will show you how to create a policy based Fortigate VPN. I will be using FortiOS version 4.0 MR3.

For the VPN tunnel we used the following topology:

Creating Fortigate VPN Steps:

I. Go to VPN > IPsec ->Auto Key (IKE) and select “Create Phase 1


Fortigate Directory Services Authentication

The Fortinet Firewall is capable of integrating with the Microsoft Active directory.

It can use the following Methods:

I. Fortigate FSAE/FSSO

This feature provides a transparent authentication for the users.


In the older version you can fin it named as FortinetFSAE, but in the new versions it appears are Fortinet FSSO.

The Fortigate FSAE/FSSO is composed of the following 2 softwares:

1. Domain Controller Agent

This software monitors the user login. This software is deployed on the Domain Controllers of the users domain. You can find it in C:\Windows\System32\dcagent.dll


Fortigate IPS

Fortigate IPS – Intrusion Prevention System

IPS is a way to stop malicious users to attack your Server/PCs by using exploits or any other kind of attacks.

The IPS from the Fortigate uses the following 2 to help you prevent attacks:

1. Protocol Decoders – are used to define abnormal traffic

2. Signatures – it uses already defined signatures to catch malicious traffic.


IPS Sensor


Page 1 of 512345