Countless times I’m asked how to prevent brute force and password spraying attacks for SSL-VPN and there are multiple steps you can take to protect against these attacks. None is a silver bullet and your … FortiGate SSL-VPN HardeningRead more
Author: andrewtravis
FortiGate Admin SSO with SAML
This is a simple write-up, but I couldn’t find a walk-through on how to use a SAML IdP with a FortiGate SP to login to the FortiGate itself to enforce MFA on FortiGate admins. A … FortiGate Admin SSO with SAMLRead more
Using FortiFlex to License FortiGates
I create and destroy FortiGate VMs all the time in my lab and a lot of our customers do the same thing in their private cloud and public cloud environments. Having a static license to … Using FortiFlex to License FortiGatesRead more
FortiNAC for Guest Access Using a Captive Portal
This was a long post in the making… I needed to setup FortiNAC from scratch to onboard and provide a captive portal for guests to self-register once they connected to my FortiGate-managed FortiAPs in tunnel … FortiNAC for Guest Access Using a Captive PortalRead more
Fortinet Zero Trust Network Access (with SAML)
I love the goal of Zero Trust: don’t trust and continuously verify. It protects against extending the LAN to the remote PC connecting over the VPN, including preventing usage of personal devices by employees. It … Fortinet Zero Trust Network Access (with SAML)Read more
FortiExtender for Cellular Connectivity
I have wanted to play with our FortiExtender for a while and finally got my hands on the FEX-511F! FortiExtender is more than just a cellular wireless WAN device to use as a cellular connection … FortiExtender for Cellular ConnectivityRead more
The Fortinet SD-WAN Overlay Template Wizard
I’ve been using a two year old SD-WAN/VPN/BGP config in my Fortinet home lab, adjusted over time to take advantage of new VPN and BGP templates in new FortiManager releases. But I hadn’t utilized our … The Fortinet SD-WAN Overlay Template WizardRead more
FortiGate Internet Redundancy Designs
The topic of high availability Internet connectivity is a constant conversation I have with my customers and teammates and I finally thought it best to sit down and draw the various options. These options assume … FortiGate Internet Redundancy DesignsRead more
Using FortiNDR to Detect Malicious Activity
In last month’s post, I wrote on how to send traffic into FortiNDR to detect malware and malicious activity. Since then I brainstormed how to pump a lot of malicious traffic through my network and … Using FortiNDR to Detect Malicious ActivityRead more
Network Detection and Response
In a past life as a member of a Blue Team providing defensive security, I loved tapping critical points of the network and mirroring that traffic to an IDS, then to our SIEM so that … Network Detection and ResponseRead more