Category Archives: Fortinet GURU

FML my hand hurts

So about 10 years ago (August 18, 2006) I wrecked the shit out of my motorcycle on the interstate. In an effort to prevent my face from becoming road gravy I had my hands pushed out in front of me in order to elevate my face and torso. This worked wonders for saving my pretty face but wrecked the mess out of my palms. I got the steel brush treatment while biting wood (even though I was incredibly high on morphine). Thought all was well. Wounds healed up decently and I had some relative scarring (no broken bones though somehow, which is great considering I hit the pavement at 70 MPH). I had this bump on my right palm that always felt like a rock or piece of gravel. Never thought about it. Figured my body would push it out if that were the case.

Fast forward ten years. My hand sometimes gets sensitive like a slight paper cut in the area where the bump is. This is normal and doesn’t bug me. Yesterday, my hand became very agitated and tender. Today, the pain is radiating through my hand and up my arm. The culprit is that little piece of shit in my palm. Anyways, I get to go to the surgeon on Thursday to get a consultation to see about cutting whatever it is and whatever is surrounding it out.

Moral of the story, go to the damn doctor if something isn’t 100%. My doc thinks it is a neuroma which is just a tumor of nerve cells. Normally this is benign but shit, I’m nervous anyways. Oh well!


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Steady Lab Progress

I am in the process of finishing up the lab to enable me to pump out some quality how-to videos. This weekend I will start recording and putting the videos on Youtube. Pretty stoked.



OBS Installed Videos Coming Next Week

So I got OBS (Open Broadcasting Software) installed on my rig and all configured. That means you guys are REALLY close to getting some videos that are going to feature my ugly mug, my southern voice and some pretty groovy Fortinet tips and tricks. Pretty excited to be able to share the knowledge I have and engage with you all when it comes to Fortinet hardware and software.

Also, the Forums will be up soon so we can have live conversation and interaction a little better than just using the Comments section of the blog!



Fortinet GPC 2017 In Vegas!

Had lunch with some Fortinet bigwigs last week and I completely forgot to relay this little tidbit of information that some of you may not have known. Fortinet GPC (Global Partner Conference 2017) is going to be in Las Vegas. Pretty damn stoked as I have never been before and I plan on having a blast. I missed GPC 2016 due to the birth of my daughter. I made a lot of excellent memories on the cruise ship for GPC 2015 though. I look forward to seeing some of my friends from the boat in Vegas in 6 months!!!!



Custom Original Videos Coming Soon!

So I have my rig set up with OBS (Open Broadcasting Software) and a camera now, which should enable me to start pumping out some original video content for you guys. I am pretty excited about this. I will be doing videos on various versions of FortiOS code as well as covering various tasks.

My goal is to create five videos a week that will provide some insight, guidance, or perhaps just general tips for Fortinet users out there.

I am also pretty tempted to start a podcast if people would be willing to listen. Yeah yeah, I’m from the south so I talk a little lower. Perhaps you guys would enjoy laughing at me while I do the show!



Fortinet Hardware Installation

Racked Some New Gear

We got some new hardware in the other day that we decided to rack today. Nothing too fancy: a few FortiGate 300D’s for an HA cluster, a few FortiSwitches, a FortiManager 200D and a FortiAnalyzer 200D. These are replacing older antiquated 100C units that we have hacked (installed an SSD in each) and prodded until they just couldn’t keep up anymore. The below picture is a quick shot of the devices before cable management and full connectivity have been completed.

You could say we have a pretty strong affinity for Fortinet Hardware. Hopefully this shows a bit of it. What is NOT in the photo are the AP’s throughout and a few other items.




Policy Based IPSec and NAT

Think of the little things

This is going to be a quick guide on things to check when your policy-based IPSec tunnels decide to not work properly with NAT enabled.

I have this client who was getting ready to migrate a bunch of IPSec tunnels from one of their client’s firewalls. The firewall that was originally hosting these tunnels is a Dell Sonicwall (threw up a little in my mouth right there).

We get the tunnels loaded and all are working fine except for the ones that require NAT due to overlapping subnets.

Just a reminder boys and girls, when your settings APPEAR to be correct but things still aren’t working…..it’s going to be something simple.

It is always something simple!

When you create a phase 2 for your tunnels through the GUI, certain parameters are predefined. This is fine if you are using a simple tunnel with no NAT being applied.

One of these settings is “use-natip”, which comes swinging right out of the gate set to enabled. If you have never looked at your phase 2 through the CLI you wouldn’t even know this existed.

Proof is in the pudding:

There is nothing more frustrating than having your policy set up improperly (no NAT applied through policy) and the tunnel comes up, but no traffic flows……but if you enable NAT in the policy, all of a sudden there is no tunnel OR traffic.

The two conflict. So if you are doing policy-based IPSec tunnels that ALSO happen to be performing NAT on the policy (which you can only enable on the policy through CLI by the way…), you are going to be in for a bad time until you turn off the use-natip setting on the phase 2.
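To find this conflict across many migrated tunnels at once, here is an added example (not from the original post and not Fortinet code) that scans a FortiGate config backup for policy-based IPSec policies doing outbound NAT while the matching phase 2 still has use-natip at its default. It assumes the backup uses the keywords natoutbound, vpntunnel, phase1name and use-natip, that vpntunnel names the phase 1, and that the relevant sections have no nested config blocks; the tunnel names and policy IDs in the sample are constructed.

```python
# Constructed FortiOS-style backup excerpt; names and policy IDs are made up.
SAMPLE = '''
config vpn ipsec phase2
    edit "siteA-p2"
        set phase1name "siteA"
    next
    edit "siteB-p2"
        set phase1name "siteB"
        set use-natip disable
    next
end
config firewall policy
    edit 10
        set action ipsec
        set vpntunnel "siteA"
        set natoutbound enable
    next
    edit 11
        set action ipsec
        set vpntunnel "siteB"
        set natoutbound enable
    next
end
'''

def parse_section(text, header):
    """Return {entry: {key: value}} for one flat 'config <header>' block."""
    entries, name, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == f"config {header}":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("edit "):
            name = line[5:].strip('"')
            entries[name] = {}
        elif inside and name and line.startswith("set "):
            _, key, value = line.split(None, 2)
            entries[name][key] = value.strip('"')
    return entries

def conflicting_policies(text):
    """(policy id, phase 2 name) pairs that NAT outbound while use-natip is on."""
    phase2 = parse_section(text, "vpn ipsec phase2")
    # Assumption: a phase 2 with no use-natip line is at the default, enabled.
    return [(pid, p2name)
            for pid, pol in parse_section(text, "firewall policy").items()
            if pol.get("action") == "ipsec" and pol.get("natoutbound") == "enable"
            for p2name, p2 in phase2.items()
            if p2.get("phase1name") == pol.get("vpntunnel")
            and p2.get("use-natip", "enable") == "enable"]
```

On the sample, policy 10 is reported because siteA-p2 never sets use-natip, while policy 11 passes because siteB-p2 disables it.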

In Conclusion:

I know this entire post is basically a giant run-on sentence but I wanted to get it on paper while it was fresh in my head. I tend to forget things, you know. By all means express your findings on these types of situations in the comments. Would love a healthy dialogue regarding these types of things! If I need to expand on anything to make it easier to understand please let me know. I am always available to answer questions.



Source Of Information

Just to prevent any confusion: Administration Guides, Release Notes, and Data Sheets are directly from Fortinet. Apparently, someone believed that I was trying to pass this as my own original insight. Let’s face it, this site is 2 months old. There is no way I put over 2,000 pages of original content on this site in that time frame. Let’s not be silly. That being said, original Fortinet GURU specific content is in fact posted here and will grow as the site develops. We take our experiences and post them here to provide insight while at the same time posting reference material from Fortinet. Not everyone knows how to get their hands on the official Fortinet text and this site helps people find that information via the internet.

So in case anyone else out there is butt hurt, Nope, not all of this is mine, in fact, a very small bit of it so far is. I’m also not going to reinvent the wheel. Fortinet invented this stuff and developed documentation that explains in a pretty good manner how to handle various situations. I guess I could just read each paragraph and then reword it but that’s retarded.

So there you have it folks. If the Administration Guides for each product, Release Notes, and various other items look like they are straight from Fortinet, it is because they are. I thought that was pretty obvious but some people just need that shit spelled out. I am in no way trying to take credit for their work nor am I interested in you not visiting their sites. That is why I have them linked from the side bar and much of the content on this site has links to Fortinet directly in the content!

