
Fortigate IPS

Fortigate IPS – Intrusion Prevention System

IPS is a way to stop malicious users from attacking your servers/PCs with exploits or any other kind of attack.

The Fortigate IPS uses the following two mechanisms to help you prevent attacks:

1. Protocol Decoders – used to identify abnormal traffic.

2. Signatures – already defined signatures are used to catch malicious traffic.


IPS Sensor


Fortigate and WCCP

Web Cache Communication Protocol – WCCP
Fortigate supports WCCP protocol version 2, which can be configured on the Fortinet firewall to optimize web traffic.


WCCP architecture

1. Routers (responsible for redirecting traffic to the WCCP server)

2. Web Cache – a cluster of servers

3. Service Groups – used to identify the traffic to be redirected and the encapsulation methods used between the endpoints in the configuration.



Fortigate Traffic Optimization

Fortigate is capable of Traffic Optimization, isn’t that cool?

The following are the things that can affect network and application performance:

1. Bandwidth

2. Latency

3. Throughput

4. Congestion

5. Packet Loss


The Fortinet Firewall is capable of dealing with all of them by using the following WAN Optimization techniques:

1. Protocol Optimization

2. Byte Caching

3. Web Caching

4. Transparent proxy


1. Protocol Optimization

It’s an application-level technique to improve the performance of HTTP, CIFS, FTP, MAPI and generic TCP protocol traffic.

I guess you know all of them except CIFS. This is the Common Internet File System protocol – it provides file access, record locking, change notification, etc.


Fortigate Routing

In this article I will describe some of the routing capabilities that Fortigate has.

Routing Protocols


Fortigate is capable of many routing Protocols:

1. Static Routes (not really a routing protocol 😉 )

2. BGP

3. RIP



The Fortigate Firewall also has a routing table that displays all the learned routes, as well as a FIB table. You might know about the FIB from Cisco CEF.

Routing Features: 


The FIB contains all local and non-local routes that are known to the device. It is populated from the routing table; in High-Availability mode the FIB is replicated across the cluster, but only the master builds the FIB from the routing table.

Reverse Path Forwarding (RPF)

This is used for anti-spoofing protection. You can find more about Reverse Path Forwarding here.

Bidirectional Forwarding Detection (BFD)

This is used to deal with a weakness of dynamic routing protocols: they lack fine granularity for detecting device failures on the network and re-routing around those failures. BFD works like the “hellos” of the OSPF routing protocol, but it actually connects to the router.

Default Administrative Distances for Fortigate:

1. The Fortigate Firewall assigns an AD of “20” to EBGP routes.

2. Static routes have an AD of “10”.

3. Connected routes have an AD of “0”.

4. When you configure the BGP protocol, a default route-map is created to make the AS non-transit (cool feature).


If you have any questions please ask.



Fortigate Conserve Mode – How to stop it and what it means

The Fortigate Firewall has several diagnostic tools, but you will mostly be faced with the following problems:

1. Conserve Mode

This problem happens when shared memory usage goes over 80%.
To exit conserve mode you have to wait (or kill some of the processes) until memory usage goes under 70%.
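The enter/exit behaviour above is a hysteresis: once the unit is in conserve mode, a reading of 75% does not clear it, because usage has to fall below 70% first. The following is an added example (not from the original post) that models that state machine over a constructed series of memory readings, using the 80%/70% figures given above:

```python
# Added example: models Fortigate conserve-mode hysteresis as described above.
# Thresholds are the figures from the text; the memory samples are constructed.

ENTER_THRESHOLD = 80  # conserve mode starts when shared memory use exceeds 80%
EXIT_THRESHOLD = 70   # it clears only once usage drops below 70%


def conserve_mode_timeline(samples):
    """Return a list of (usage_percent, in_conserve_mode) for each reading.

    The state carries over between readings, so a value between the two
    thresholds keeps whatever state the unit was already in.
    """
    in_conserve = False
    timeline = []
    for usage in samples:
        if not in_conserve and usage > ENTER_THRESHOLD:
            in_conserve = True          # crossed the entry threshold
        elif in_conserve and usage < EXIT_THRESHOLD:
            in_conserve = False         # fell below the exit threshold
        timeline.append((usage, in_conserve))
    return timeline


def readings_in_conserve_mode(samples):
    """Count how many readings the unit spent in conserve mode."""
    return sum(1 for _, state in conserve_mode_timeline(samples) if state)


if __name__ == "__main__":
    # Constructed sample: usage rises past 80%, hovers in the 70-80% band
    # (still conserve mode), clears at 69%, then trips again at 81%.
    readings = [60, 78, 85, 79, 72, 69, 75, 81]
    for usage, state in conserve_mode_timeline(readings):
        print(f"{usage:3d}%  conserve mode: {'yes' if state else 'no'}")
```

Note that 79% and 72% still show conserve mode: waiting for usage to merely dip under 80% is not enough, which is why the text says to wait (or kill processes) until it is under 70%.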

2. Antivirus FailOpen

This is a safeguard feature that determines the behavior of the Fortigate antivirus system when it becomes overloaded with high traffic.

To mitigate this you have several options:

set av-failopen { off | one-shot | pass | idledrop }

Below we describe what each of them does:

a. Off – if the FG enters conserve mode, the Fortigate stops accepting new AV sessions, but continues to process currently active sessions