Category: Fortinet

Fortinet Sniffing Commands

Important information about Fortinet sniffing: some Fortinet architectures (3140B, for example) have hardware acceleration. This means that for each session you try to sniff, you only see the beginning of the session. In terms of internal architecture, only the first packet of a session goes through the CPU; the rest goes…




Fortigate VPN Troubleshooting

Use the following commands to check the Phase1/Phase2 configuration:

    show vpn ipsec phase1-interface
    edit "NAME_OF_VPN_P1"
        set interface "INTERNEToutside"
        set proposal aes256-sha256
        set remote-gw 1.2.3.4
        set psksecret ENC
    next

    show vpn ipsec phase2-interface
    edit "NAME_OF_VPN_P2"
        set dst-addr-type name
        set phase1name "NAME_OF_VPN_P1"
        set proposal aes256-sha1
        set replay disable
        set src-addr-type name
        set dst-name "NETWORK_DST_10.1.1.0/23"
        set keylifeseconds 28800…