Posts

Configure SFLOW for fortigate

It's easy to configure sFlow on a FortiGate device:

    config system interface
        edit internal
            set sflow-sampler enable
            set sample-rate 512
            set polling-interval 20
        next
    end
    config system sflow
        set collector-ip <X.X.X.X>
        set collector-port 9997
        set source-ip 0.0.0.0
    end

After configuring this you can use sFlowTrend from inMon, which is free.
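To see what the collector on UDP 9997 actually receives, here is a small sFlow v5 parser written for this post (added example, not code from the original page or from Fortinet/inMon). It decodes the datagram header and each flow sample's header, so you can confirm the agent is reporting the configured sample-rate of 512 and read the sample pool (total packets the sampler has seen); the agent address and counters in the constructed test datagram are made up.

```python
import socket
import struct

FLOW_SAMPLE = 1  # sample_data_format: enterprise 0, format 1 (flow sample)


def parse_sflow_v5(data: bytes) -> dict:
    """Decode an sFlow v5 datagram header plus each flow sample header.

    Flow/counter record bodies are skipped by length; only the fields a
    collector needs for sanity checks (rate, pool, drops, ifindexes) are kept.
    """
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5 or addr_type != 1:
        raise ValueError("only sFlow v5 with an IPv4 agent address is handled")
    agent = socket.inet_ntoa(data[8:12])
    sub_agent, seq, uptime_ms, n_samples = struct.unpack_from("!IIII", data, 12)
    off, samples = 28, []
    for _ in range(n_samples):
        fmt, length = struct.unpack_from("!II", data, off)
        body = data[off + 8:off + 8 + length]
        if len(body) != length:
            raise ValueError("truncated sample in datagram")
        if fmt == FLOW_SAMPLE:
            _, src, rate, pool, drops, in_if, out_if, n_rec = struct.unpack_from("!8I", body)
            samples.append({"type": "flow", "source_index": src & 0xFFFFFF,
                            "rate": rate, "pool": pool, "drops": drops,
                            "input_if": in_if, "output_if": out_if, "records": n_rec})
        else:
            samples.append({"type": fmt, "length": length})
        off += 8 + length
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}


def rate_mismatches(datagram: dict, expected_rate: int) -> list:
    """Flow samples whose sampling rate differs from what was configured."""
    return [s for s in datagram["samples"]
            if s["type"] == "flow" and s["rate"] != expected_rate]


def build_flow_sample_datagram(agent: str, rate: int, pool: int, seq: int = 1) -> bytes:
    """Constructed test datagram: one flow sample (ifindex 3 -> 4) with no records."""
    flow = struct.pack("!8I", seq, 3, rate, pool, 0, 3, 4, 0)
    header = struct.pack("!II4sIIII", 5, 1, socket.inet_aton(agent), 0, seq, 123456, 1)
    return header + struct.pack("!II", FLOW_SAMPLE, len(flow)) + flow
```

Each flow sample stands for roughly `rate` packets, so the pool counter divided by the number of samples received should stay close to 512 on a healthy sampler; a persistent mismatch or a rising drops counter means the collector is under-reporting.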

Send test SNMP traps from Fortigate

    #: diag test application snmpd 44
    SNMP Daemon Test Usage
    1: display daemon pid
    2: display snmp statistics
    3: clear snmp statistics
    4: generate test trap (oid: 999)
    5: generate deploy traps
    99: restart daemon

Resetting a lost Fortigate Admin Password

If you have lost the admin password for a FortiGate you can reset it if you have physical access to the box.

Heads up: you have to type the user ID and password within 15 seconds of the login prompt first appearing. If you take too long, reboot the firewall and try again.

1. Connect the console cable to the FortiGate and fire up your favorite terminal emulator.
2. Reboot the firewall unit.
3. At the console login prompt, type in "maintainer" as the user ID.
4. Type in bcpbFGTxxxxxxxxxxxxx as the password, where xxxxxxxxxxxxx is the S/N of the FortiGate. The serial number is case sensitive, so for example you should use FGT60B, not FGT60b.
5. After logging in, change the admin password:

    config system admin
        edit admin
            set password <new-password>
        next
    end

Rancid-Fortigate: Filter cycling RSA private keys and cycling password encryption

Use the following fnrancid file for backing up FortiGate devices without the RSA keys and password encryption, which change on every run and would otherwise show up as a diff each time. Note: test the script on a test firewall first.

    vi fnrancid

    #! /usr/bin/perl
    use Getopt::Std;
    getopts('dflV');
    if ($opt_V) {
        print "@PACKAGE@ @VERSION@\n";
        exit(0);
    }
    $log = $opt_l;
    $debug = $opt_d;
    #$debug = 1;
    $file = $opt_f;
    $host = $ARGV[0];
    $found_end = 0;
    $timeo = 90;                    # fnlogin timeout in seconds
    my(@commandtable, %commands, @commands);  # command lists
    my($aclsort) = ("ipsort");      # ACL sorting mode
    my($filter_commstr);            # SNMP community string filtering
    my($filter_pwds);               # password filtering mode

    # This routine is used to print out the router configuration
    sub ProcessHistory {
        my($new_hist_tag,$new_command,$command_string,@string) = (@_);
        if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
            && scalar(%history)) {
            print eval "$command \%history";
            undef %history;
    ...

Radware: Warning: Client NAT Port Number threshold of 85 percents

Warning: Client NAT Port Number threshold of 85 percents reached, NAT address x.x.x.x

Question: What is the meaning of the following error?

    WARNING Client NAT Port Number threshold of 85 percents reached, NAT address x.x.x.x

What is the meaning of the following error?

    WARNING No more free dynamic NAT ports

Answer: These errors mean:

- For this specific NAT IP, 85% of its ports are used.
- There are no more free ports.

To configure the number of ports per Client NAT via WBM: from the device menu, select Services > Tuning > Device. Modify the value for Client NAT Ports Per Address.

Fortigate proxy: Adding a web category via CLI

144 is the UNRATED category.

    config webfilter ftgd-local-rating
        edit "cvlindia.com"
            set rating 144
            set status enable
        next
    end

GRE Tunnel Between CISCO and Fortigate

=======================================================
Fortigate GRE Tunnel
=======================================================

    config system gre-tunnel
        edit "OKHLA_NEW_DELHI"
            set interface "SIFY-MPLS"         (system interface under which to create the VPN)
            set local-gw 192.168.90.130       (tunnel WAN source)
            set remote-gw 192.168.91.162      (tunnel WAN destination)
        next
    end

        edit "OKHLA_NEW_DELHI"                (main tunnel interface under WAN)
            set ip 6.6.6.10 255.255.255.255   (tunnel IP address)
            set type tunnel
            set remote-ip 6.6.6.9             (remote tunnel IP address)
            set interface "SIFY-MPLS"         (main ISP interface)
        next

====================...