Author: andrewtravis

This was a long post in the making… I needed to setup FortiNAC from scratch to onboard and provide a captive portal for guests to self-register once they connected to my FortiGate-managed FortiAPs in tunnel mode. After going through a dozen how-to guides that helped with different aspects of...

I love the goal of Zero Trust: don’t trust and continuously verify. It protects against extending the LAN to the remote PC connecting over the VPN, including preventing usage of personal devices by employees. It continuously checks the posture of the endpoint accessing an application. It doesn’t make the...

I have wanted to play with our FortiExtender for a while and finally got my hands on the FEX-511F! FortiExtender is more than just a cellular wireless WAN device to use as a cellular connection for a site, but can also be used for out-of-band management of the site...

I’ve been using a two year old SD-WAN/VPN/BGP config in my Fortinet home lab, adjusted over time to take advantage of new VPN and BGP templates in new FortiManager releases. But I hadn’t utilized our SD-WAN Overlay Template yet and wanted to see how it worked. The goal of...

The topic of high availability Internet connectivity is a constant conversation I have with my customers and teammates and I finally thought it best to sit down and draw the various options. These options assume you have two FortiGates in HA (I don’t get into Active-Passive vs. Active-Active for...

In last month’s post, I wrote on how to send traffic into FortiNDR to detect malware and malicious activity. Since then I brainstormed how to pump a lot of malicious traffic through my network and ended up using a mix of FortiTester, AlphaSOC, nmap and malware samples. My goal...

In a past life as a member of a Blue Team providing defensive security, I loved tapping critical points of the network and mirroring that traffic to an IDS, then to our SIEM so that we could detect malicious and anomalous behavior on the network.  Naturally I had to...

In a past blog post, I blogged about the various zero touch and low touch provisioning options when setting up new FortiGates. Since then, Fortinet has released FortiZTP to simplify zero touch provisioning further than what FortiDeploy provided. FortiDeploy used FortiGate Cloud to point FortiGates to FortiManager, but it...

BGP and SD-WAN are like peanut butter and jelly — just better together. And given that a FortiGate has full-blown BGP routing capabilities in addition to its SD-WAN capabilities, it would make sense to use the two functions to share information with each other when steering traffic. To plagiarize...