Short video answer to a question a user sent me about the best ways to block internet traffic for specific machines and devices.
Use zones and save your sanity! This video goes into some basic zone deployment to help consolidate policy and reduce the number of interface pairs on your policy page.
One of the things that I see a lot of people doing is leaving their policies super vague. This is all fun and games in a home environment where you don’t have any critical data, but if you are running your business in this manner, you may have issues coming up soon. Make your policies […]
How to debug the packet flow
Traffic should come in and leave the FortiGate unit. If you have determined that network traffic is not entering and leaving the FortiGate unit as expected, debug the packet flow. Debugging can only be performed using CLI commands. Debugging the packet flow requires a number of debug commands to […]
How to perform a sniffer trace (CLI and Packet Capture)
When troubleshooting networks and routing in particular, it helps to look inside the headers of packets to determine if they are traveling along the expected route. Packet sniffing can also be called a network tap, packet capture, or logic analyzing. If your FortiGate unit has […]
How to verify FortiGuard connectivity
You can verify the FortiGuard connectivity in the License Information widget under System > Dashboard > Status. When FortiGate is connected to FortiGuard, a green check mark appears for available FortiGuard services. From CLI, execute ping “service.fortiguard.net” and “update.fortiguard.net”. Sample output: FG100D# execute ping service.fortiguard.net PING guard.fortinet.net (220.127.116.11): 56 […]
How to check wireless information
Wireless connections, stations, and interfaces have different issues than other physical interfaces.
Troubleshooting station connection issue
To check whether station entry is created on Access Control: FG600B3909600253 # diagnose wireless-controller wlac -d sta * vf=0 wtp=70 rId=2 wlan=open ip=0.0.0.0 mac=00:09:0f:db:c4:03 rssi=0 idle=148 bw=0 use=2 vf=0 wtp=70 rId=2 wlan=open ip=172.30.32.122 […]
How to examine the firewall session list
One further step is to examine the firewall session. The firewall session list displays all the sessions the FortiGate unit has open. You will be able to see if there are strange patterns such as no sessions apart from the internal network, or all sessions are only to […]