Thursday, October 1, 2015

HA Console authentication when using remote Auth

When you log in to the CLI with a RADIUS or TACACS account and then use "exec ha manage 1" to manage the subordinate unit, you have to re-enter your user credentials.
I remember seeing this in my TAM days. I'll submit a feature request to have the authentication carried over.

Friday, August 21, 2015

Disable SSL VPN Portal

Here's one for the serious customizer.
If you only want to accept IPsec VPN connections via FortiClient and you don't want or need the SSL VPN portal, here's the CLI config for turning off the SSL VPN page.

config vpn ssl settings
 set sslvpn-enable disable
end 
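
One way to confirm the setting above is still in place is to audit a saved configuration backup. This is an added example, not part of the original post or Fortinet tooling; the sample backup, the nested block in it, and the function names are assumptions made for illustration, and it assumes no multi-line quoted values in the file.

```python
# Constructed sample backup (not from a real device); the nested
# authentication-rule block and its values are illustrative assumptions.
SAMPLE_BACKUP = """\
#config-version=EXAMPLE
config system global
    set hostname "fw-example"
end
config vpn ssl settings
    set sslvpn-enable disable
    config authentication-rule
        edit 1
            set portal "example-portal"
        next
    end
end
"""


def section_settings(config_text, header):
    """Return {key: value} for `set` lines directly inside the top-level
    `config <header>` block, skipping nested config/edit sub-blocks."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config ") or line.startswith("edit "):
            if depth == 0 and line == "config " + header:
                inside = True
            depth += 1
        elif line in ("end", "next"):
            depth -= 1
            if depth == 0:
                inside = False
        elif inside and depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings


def sslvpn_portal_state(config_text):
    """'disable', 'enable', or None if the backup has no explicit setting."""
    return section_settings(config_text, "vpn ssl settings").get("sslvpn-enable")


if __name__ == "__main__":
    state = sslvpn_portal_state(SAMPLE_BACKUP)
    print("sslvpn-enable:", state if state is not None else "not set explicitly")
```

A result of None means the backup has no explicit sslvpn-enable line in that block; the script reports that rather than guessing what the unit will do.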

Wednesday, August 19, 2015

Wow .. it's been a while :)
Haven't worked at Fortinet since January of this year. But my new gig just invested in Fortinet equipment. So stay tuned for new posts!

Monday, November 3, 2014

HA with different revision hardware

There may come a time when you are trying to form an HA cluster from rev.1 and rev.2 hardware of a particular platform. To do this, you need to tell the firewall to ignore the difference in hardware revision.

In FortiOS 4.3 and earlier:
config system global
set ignore-hardware-revision enable
end

In FortiOS 5.0 and later:
exec ha ignore-hardware-revision enable
exec ha ignore-hardware-revision status