What are the differences between central SNAT and DNAT and the policy based regular NAT that a lot of people use?
Category Archives: Questions
Why You Should Use Network Segmentation
I got a question in my email asking me why people should bother using network segmentation. Watch the video below to get more details.
What is the difference between the 0 models and the 1 models?
FortiGate marketing isn’t always on point. Let’s face it, a lot of people got confused with the naming convention on the E models back in 2016. This covers some basics that will hopefully provide insight so you can buy the right device for you.
Gaming Consoles Having Matchmaking Issues With FortiGates
A lot of people that have fairly strict policy sets end up having matchmaking issues with their gaming consoles when behind a FortiGate. I discuss two methods to resolving this issue. Videos are going to start discussing a lot more architecture driven topics to help ensure everyone is building the best network possible!
Can Greylisting be used in an active-active High availability FortiMail environment
Can greylisting be used in an active/active high availability environment (with 2 MX records pointing to 2 FortiMails)?
I mean: when an email comes and gets greylisted by FortiMail #1, if the second attempt comes to the other FortiMail (FortiMail #2), what happens? Will it be greylisted again?
So we have these scenarios:

Hope 1) mail comes, gets greylisted FM1 mx1
Hope 2) mail comes again, is cleared FM1 mx1
Hope 3) mail passes

Hope 1) mail comes, gets greylisted FM1 mx1
Hope 2) mail comes again, gets greylisted FM2 mx2
Hope 3) mail comes again, is cleared FM1 mx1 – or FM2 mx2

What will happen in scenario 2? Will email always be delivered? What will happen if we have 3 or 4 or more FortiMails?

Hope 1) mail comes, gets greylisted FM1 mx1
Hope 2) mail comes again, gets greylisted FM2 mx2
Hope 3) mail comes again, gets greylisted FM3 mx3
Hope 4) mail comes again, gets greylisted FM4 mx4
Sender gives up????
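The scenarios in the question above can be worked through with a small model. This is an added example, not code from the original post or from Fortinet. It assumes generic greylisting keyed on the (client IP, sender, recipient) triplet, a sender that retries round-robin across the MX hosts (the worst case), and made-up delay and retry timings. Whether FortiMail units share greylist state is not stated on this page, so `shared` is a parameter.

```python
"""Generic greylisting model (assumption: not FortiMail's actual implementation)."""
from itertools import cycle


class GreylistNode:
    """One MX host that temp-fails the first attempt for an unseen triplet."""

    def __init__(self, name, table=None):
        self.name = name
        # triplet -> time first seen; pass one dict to several nodes to model shared state
        self.table = table if table is not None else {}

    def receive(self, triplet, now, delay=300):
        """Return True if the message is accepted, False if it is temp-failed."""
        first_seen = self.table.setdefault(triplet, now)
        # Accept only a retry that arrives after the greylist delay has elapsed.
        return now - first_seen >= delay


def attempts_until_delivery(n_nodes, shared, retry_interval=600, max_attempts=10):
    """Return the attempt number that delivers, or None if the sender gives up.

    retry_interval and max_attempts are hypothetical sender settings (seconds, count).
    """
    table = {} if shared else None
    nodes = [GreylistNode(f"FM{i + 1}", table) for i in range(n_nodes)]
    # Constructed sample triplet using documentation-reserved address and domains.
    triplet = ("192.0.2.10", "alice@example.org", "bob@example.net")
    # Round-robin across MX hosts: every retry lands on a different node.
    for attempt, node in zip(range(1, max_attempts + 1), cycle(nodes)):
        now = (attempt - 1) * retry_interval
        if node.receive(triplet, now):
            return attempt
    return None


if __name__ == "__main__":
    for n in (1, 2, 4):
        print(f"{n} node(s), independent tables:", attempts_until_delivery(n, shared=False))
        print(f"{n} node(s), shared table:      ", attempts_until_delivery(n, shared=True))
    print("4 nodes, independent, sender stops after 4 tries:",
          attempts_until_delivery(4, shared=False, max_attempts=4))
```

In this model, independent tables cost one extra attempt per additional MX host, and delivery fails only when the sender's retry limit is not larger than the number of hosts.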
How to see errors and discards on FortiGate interfaces
Question: How do I go about seeing interface statistics such as discards, errors etc?
I get this question a lot and figured I would make a post about it to help the masses. There is a simple way to do this. In the CLI there is a command called “fnsysctl” that you can expand upon. For example, you can type “fnsysctl ls” and get a drill down of directories. To see interface statistics you can use this command with the following expansion:
“fnsysctl ifconfig <interface name>” to see the information you are looking for. For instance, “fnsysctl ifconfig wan1”
Give it a try on your FortiGate now to see the output and learn how to use it for troubleshooting 🙂
FortiClient Issues With Mac OS Sierra
A client of mine stumbled across this issue and after some digging it appears to be fairly common. In my experience, FortiClient tends to have more issues with Mac OS in general. For this particular problem though I have had success by rolling back the FortiClient. Downloading the latest from FortiClient tends to be the spot where most people run into issues. Not sure what it is about the older versions that work versus the new one but it is an obvious bug.
If you are sitting around waiting for it to be resolved I wouldn’t get your hopes up. Fortinet tends to be a little slower resolving Mac-related issues with the FortiClient software when compared to Windows etc... guess we can chalk that up to market share.
Anyways, roll back your client to an earlier version and see if that resolves the issue for you. I would give you a specific version to roll to but it seems to vary from environment to environment.
Thing To Remember: Sierra is brand new, so the issues, obviously, may not be on the FortiClient side (at least not completely).
Indexing of Old Archived Logs on FortiAnalyzer
Question: The FortiAnalyzer divides logs into indexed and archived. Once an old log is archived, can this be brought back in order to be indexed?
Answer: # exec sql-local rebuild-db
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36458
Awesome tip from Paulo R on the Fortinet Forums.