Posts Tagged ‘Fortinet’

We were trying to allow access to activate Office 365 from a closed bubble, and deployed the Application Whitelists per below.

Upon Office activation we were still getting the below:

 

Looking at the block, in the end I had to whitelist the FQDN

fs-wildcard.microsoft.com.edgekey.net

And the following App

The servers were using Protected View for IE, with IE as the default browser, so I also had to add https://login.microsoftonline.com/ to Trusted sites.


You have a device connected to a router (a FortiGate in this case) with two IPs on different subnets.

Solutions

 

  1. Add a new WAN interface, enabled for Ping and HTTPS
  2. Add a new Static Route with the ISP's gateway, using the interface above
  3. Make sure the distance is the same as the existing WAN interface (without the same distance it won't appear in the routing table)
  4. Try to ping the ISP gateway from the CLI
  5. Test inbound access to HTTPS (on the right port)
  6. Add Policies for the new interface, Inbound and Outbound
  7. Make sure the priority is lower than the existing WAN connection for testing; when ready, match the existing priority
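
The steps above as FortiOS CLI, added here as an illustration and not taken from the original post. The interface names (`wan2`, `internal`), the policy name, the 203.0.113.x addresses, and the distance and priority values are placeholder assumptions; the `#` lines are annotations only.

```fortios
# Step 1: new WAN interface, enabled for Ping and HTTPS.
# HTTPS here is the admin GUI on this WAN; pair it with trusted
# hosts on the admin accounts.
config system interface
    edit "wan2"
        set mode static
        set ip 203.0.113.2 255.255.255.248
        set allowaccess ping https
    next
end

# Steps 2, 3 and 7: static route via the new ISP gateway.
# distance must equal the existing WAN default route's distance,
# otherwise this route is not installed in the routing table.
# priority: a higher number is less preferred, so 20 keeps the
# existing WAN as the active path while testing.
config router static
    edit 0
        set device "wan2"
        set gateway 203.0.113.1
        set distance 10
        set priority 20
    next
end

# Step 6: outbound policy. The inbound policy mirrors it with
# "wan2" as srcintf and the published service as destination.
config firewall policy
    edit 0
        set name "internal-to-wan2"
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Step 4: ping the ISP gateway sourced from the new WAN address,
# then confirm both default routes are present.
execute ping-options source 203.0.113.2
execute ping 203.0.113.1
get router info routing-table all
```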

Flick Master

*If on a VDOM: config global

diagnose sys ha reset-uptime

Restart Slave

 get system ha status

exec ha manage 1/0 ( Firmware 6.2 ) 

exec ha manage 1/0 %username% ( Firmware 6.4 ) 

Fix Synchronisation

diagnose sys ha checksum cluster

diagnose sys ha checksum recalculate

 


Recently I got hold of a Fortinet Lab FG-100D. The fan in this unit is around 50 dB and not suitable for a lounge. The device is not licensed and out of support, so I could ‘tweak’ it!

The quietest 4-pin (sending fan-speed feedback back to the Fortinet so it can adjust) 40mm x 20mm fan I could find was an NF-A4x20 with 15 dB of noise, however with much-reduced airflow!

The NF-A4x20 comes with a different fan plug than the Fortinet socket. The connector should match the other size, however a little pressure helps the Fortinet socket accept this!

The good thing about this fan is that it also comes with an LNA (Low Noise Adapter), a cable that drops down the (voltage) speed of the fan. The 100D also has two fan power points. I was able to put the LNA on the original fan, then readjusted the fans like below. I ran both for a week, however sometimes the old fan would whir up, so I ended up disconnecting the original and left the NF-A4x20, and it has been stable!

 

 


Recently a few users had the following bounce-backs from Office 365 to an on-prem mail server with the error:

‘550 5.4.316 Message expired, connection refused(Socket error code 10061)

Checking the 365 logs for this, it was due to the FortiGate adding some 365 SMTP servers to the IPS Quarantine list.

Removing these servers from the Quarantine, and also removing IPS checking in the policy for 365 servers to on-prem via SMTP, resolved this.
