One of the things to keep in mind is that annual support costs (A/V, IDS/IPS updates, hardware maintenance) are based around the list price of the hardware itself. When the time comes to renew your Fortinet support take a close look at how much money you're spending on support versus the cost of newer, faster hardware.
I was amazed to see that for the same cost of renewing support on a Fortigate 800 we were able to purchase a new Fortigate 310B system, including a year of bundled support.
Just sayin .. :)
Firewall Guru
A real world resource for Fortinet firewalls including How-Tos and Frequently Asked Questions
Tuesday, February 14, 2012
Tuesday, January 24, 2012
Log uploads in realtime (FortiOS 4.0 MR3)
After upgrading several firewalls to 4.0 MR3 I noticed that by default the logs are no longer sent to my FortiAnalyzer unit in realtime. Instead they are scheduled to upload to the FAZ once per day.
If, like me, you are relying on these logs to provide realtime visibility into your network here is how to turn realtime logging back on.
On the CLI (really, Fortinet??):
config log fortianalyzer setting
set upload-option realtime
end
This is only available on smaller units, such as the FG60C and FWF60C.
On units such as the FG200B and FG310B the "set upload-option realtime" switch does not exist; those units already default to realtime logging to FAZ or Syslog.
Friday, January 20, 2012
The cmdb add entry failed
I recently started noticing that when I try to add objects, policies, etc. to one of our firewalls I receive an error dialog of "The cmdb add entry failed." After doing some research on the knowledge base, the most likely explanation was related to memory utilization on the Fortigate.
There are a number of ways to resolve the problem, although they are all temporary until Fortinet comes up with a fix.
- Reboot the firewall
- In Firewall -> Policy -> Protocol Options modify your scan profile(s) and reduce the file Size Threshold from 10MB down to 2MB.
- From the CLI you can run "diag sys top 1" and figure out which processes are using the most memory (right-most column in the process list). You can then restart a process using "diag test app <process> 99", so for example "diag test app ipsmonitor 99" if the IPS engine is running high.
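The third workaround is a manual triage loop: read the process list, find the biggest memory consumer, restart it. Below is a small Python script, added here as an illustration and not part of the original post or of any Fortinet tooling, that does the ranking step over a constructed sample of "diag sys top" output and prints the matching "diag test app <process> 99" command. It assumes the FortiOS 4.x column layout (process name, PID, state, CPU %, memory %) and the page's own mapping of the IPS engine to the ipsmonitor daemon; the sample numbers are invented.

```python
import re

# Constructed sample of `diag sys top` output in the FortiOS 4.x layout:
# process name, PID, state, CPU %, memory %. All values are invented.
SAMPLE_TOP = """\
Run Time:  3 days, 4 hours and 12 minutes
0U, 0N, 0S, 100I; 1839T, 402F, 124KF
        ipsengine      62      S       0.0     24.3
        ipsmonitor     60      S       0.0      1.4
        httpsd        133      R       0.0      3.1
        cmdbsvr        57      S       0.0      2.0
        newcli        201      R       0.0      0.9
"""

# The page restarts the IPS engine through ipsmonitor; for other daemons we
# assume the restart target is the process name itself (assumption, and only
# daemons that expose a `diag test app` hook can be restarted this way).
RESTART_ALIAS = {"ipsengine": "ipsmonitor"}

# One process line: name, PID, state flag, CPU %, memory %.
PROC_LINE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_top(text):
    """Return a list of (name, pid, cpu_pct, mem_pct) from diag sys top output.

    Header lines (run time, CPU/memory summary) do not match PROC_LINE and
    are skipped.
    """
    procs = []
    for line in text.splitlines():
        m = PROC_LINE.match(line)
        if m:
            name, pid, _state, cpu, mem = m.groups()
            procs.append((name, int(pid), float(cpu), float(mem)))
    return procs


def top_memory_consumers(text, limit=3):
    """Processes sorted by memory share (the right-most column), highest first."""
    return sorted(parse_top(text), key=lambda p: p[3], reverse=True)[:limit]


def restart_command(process_name):
    """Build the `diag test app <process> 99` command described on the page."""
    target = RESTART_ALIAS.get(process_name, process_name)
    return f"diag test app {target} 99"


if __name__ == "__main__":
    for name, pid, cpu, mem in top_memory_consumers(SAMPLE_TOP):
        print(f"{name:<12} pid={pid:<5} cpu={cpu:>5.1f}% mem={mem:>5.1f}%")
    worst = top_memory_consumers(SAMPLE_TOP, limit=1)[0][0]
    print("Suggested restart:", restart_command(worst))
```

Paste real "diag sys top" output into SAMPLE_TOP (or read it from a file) to rank a live unit; the script only suggests the command and never runs it, so the decision to restart a daemon on a production firewall stays with the operator.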
Friday, October 21, 2011
Questions for the "Eggspehrts"
Got any burning Fortinet questions you want to ask?
Post them in the comments and our panel of knowledgeable Fortinet users will try to answer them.
Labels: tips+tricks