Hey! He is still alive! Good to see you, Mike.
I just stay so busy! Thanks brother!
@@FortinetGuru No problem. Your content is great and from time to time I just send you an email but coming into work and seeing a vid posted is always a great way to start a week.
I switched to Fortinet from a horrible German security vendor about a year ago. Your videos and especially your blog posts helped me a lot. Thanks!
Awesome
I hope to see you back soon! We miss you!
Great update on 7.2.4. I'm an SE at Fortinet and I like all your videos and how well you explain the tech.
Good to see you again, just deployed my first full Fortistack and I'm very happy. The Switch Clients view makes me want to go to 7.2.
Nice walkthrough! and welcome back :D
Fantastic 30,000-foot view. About to make this mandatory viewing for my team.
Hi Mike, I am so glad every time I see your face. You are the real face of Fortinet UTMs 😁
Mike, nice to see you refreshing the channel content. I've been staying on 6.4, but the time is coming to go to 7.x due to End of Engineering Support coming up for 6.4, so it's cool seeing what's new on the bleeding edge of 7.2. I would be curious if you would be interested in making some content around combining SD-WAN and IPsec VPNs. A good example is that many organizations have multiple WANs. AWS by default gives you two peers for each WAN. I think it would be pretty cool to see SD-WAN driving traffic in this scenario and checking that each VPN peer is alive. Content has been very helpful over the years, thanks!
It’s on the list of content. Going to redo some videos and focus on 7.2.x for them. So tutorials for regular tasks and then bringing in some lab use cases for sdwan and dynamic routing.
Would really like to jump on ztna and such as well for some videos.
@@FortinetGuru yeah, be great to see some videos on how ztna can replace the need for some ssl vpn connections, even mapped drives I hear is possible!
Dude, I've learned a good bit about Fortinet from your content thanks a ton!
I follow many of your content all over the internet so thanks for sharing your knowledge. You already saw that this version has a BUG regarding the creation of automatic Objects when you choose the LAN Role in the configuration.
Yeah, I hate automated address creations and anything the wizards auto build.
@@FortinetGuru It would not have been so bad had Fortinet disclosed this information in the release notes. FortiOS 7.0.10 and 7.0.11 do not have this...why only in 7.2.4?! ugh
Me more, the point is that this new version has a BUG and it is not possible to disable it when setting the LAN Role.💩@@FortinetGuru
@@alejanxon I'm not understanding your issue with SSL VPN on 7.2.4. Been running it just fine and have a few clients that utilize Azure MFA with 7.2.4. Can you please be more specific or descriptive in the issue you are observing?
Thanks Mike, I first jumped into Fortinet equipment about a year ago for a new work site. I had three months to learn everything possible to get it going before staff moved in. I usually get pretty excited working with new gear, so I enjoyed the challenge. This year we changed more sites over to Fortinet, so it's been pretty busy.
😎😎
I love your videos m8, so straight to the point. Thanks for the great work around the fortigates
Thanks!
Thanks for the overview Mikey! Such a good, thorough run-through. Big new takeaways for me are the abilities for tying authentication to local AD or potentially Azure AD, as well as the new Let's Encrypt integration for certificates.
Would love to see a walkthrough on how you do either or both of those if you are looking for video ideas.
Added to the list!
I am a huge fan of tenacious D, you’re amazing Jack!
😂😂
Thanks for being you!
The only way I know how to be 😎
Hi Mike! Do you have a video on how to configure SD-WAN while using FortiManager and IPsec tunnels between devices? I have a hub-and-spoke network and want to add a second ISP to the HQ site. Since both sides are controlled by FortiGates, I should have more freedom to aggregate IPsec traffic over both WANs, right?
Not yet but I can certainly create one.
Nice walkthrough Mike!! Regards from Argentina 👌😉
😎😎
Thanks for this nice feature walkthrough. Very interesting!
Glad you enjoyed it!
Great job, thank you for all the great videos. 👍🏼
Very welcome
Nice video! Well done 👏
Thanks!
Great content as always. Thank you
Good video !! Looks like they are making it nicer and nicer..
They are!
Do you have a video more focused on the Security Fabric connection and how it relates to an active/passive pair?
Thanks, Mike! wish to see more hands-on labs🙏
Sounds like a plan
I miss your how-to videos.
I'd like to see one showing how to set up Let's Encrypt.
+1
Will get one en route.
Good video. I had to set up a 60F with 4 FortiSwitches. I created a second FortiLink interface in the CLI for the untrusted pair of switches. It was my first time using Forti; one thing that I struggled with was getting the WAN to work from a switch interface, as I wasn't using the WAN on the FortiGate. Dual WAN transit cables from the DC to each untrusted switch; in the end I used a VLAN and static routing. But I'm wondering if there was a way to have brought the switch interface back directly to the network interface list, or if I could have improved the design. Great videos, they helped me a lot, thank you.
I am a big fan of using VLANs to split things off and provide the necessary connectivity.
@FortinetGuru good job, when will you do a ZTNA video? And a comparison to VPNs?
Hi Mike, can you please make a video about configuring a FortiSwitch without using FortiLink management? RADIUS authentication, auto VLAN, etc.
Thanks Mike! Your videos have helped me tremendously throughout the year. I have been struggling with one thing for several weeks, and that's configuring FortiAPs to use Azure AD SSO authentication to connect to the SSID. I've done and redone everything in the documentation several times, but there's obviously something I'm missing, and the Fortinet support team have NOT been helpful. Do you have a video on that?
Can you do a video with an AWS environment? Would like to see a FortiManager connected to a FortiGate in FIPS mode… plus the FortiAnalyzer features!
I have some cloud stuff coming.
very nice explanation sir :D
Thanks and welcome
So I work for a major MSP. We pretty much exclusively deploy Fortinet equipment. Fortinet is really cool because they sent any of the engineers in our company that completed NSE 1, 2, and 3 a free FortiGate 70F with a free year of support and licensing for all of the things. But, the frustrating thing is, since the 70F is using the new silicon, I can't update to v7.4.x. lol But, I love using my FortiGate at home, and a few of us have an IPsec VPN connection together that we use to play some retro games together. The bad side is, now I'm hooked and I want to buy a FortiSwitch and some FortiAPs. lol
EDIT: Well, nevermind, I just looked on my FortiGate and the update is available now. lol But, it hasn't been for a while since release.
Love your videos, the way you explain it is simple and nice. I want to ask a question: I have an IPsec tunnel showing the error "connection expiring due to phase1 down". How do I fix it?
Always make sure Phase 1 and Phase 2 of the IPsec tunnel match the remote side (just flip what is considered local and remote accordingly). Then make sure you have the necessary policy and routes. Otherwise, use the debug options within FortiOS to view the exact issue.
Thanks for the video.
Can I ask, would you recommend allowing UDP on 443 outbound? We have blocked mostly everything outbound except the essential services / ports.
Sounds like 7.2.4 can analyze the QUIC protocol, but I might have that all wrong!
Thanks
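The question above is really about what a firewall can and cannot see on UDP/443. QUIC (RFC 9000) puts the version and connection IDs in the clear only in long-header packets (Initial, Handshake, 0-RTT, Retry and Version Negotiation); once the handshake completes, 1-RTT packets use a short header that carries no version or length fields, so a middlebox that has not tracked the handshake cannot even confirm the payload is QUIC. The classifier below is an added example written for this thread (not code from the video, FortiOS or Fortinet) that parses the invariant long-header layout from RFC 8999/9000 and returns a verdict; the sample packets at the bottom are constructed by hand and the function names are my own.

```python
"""Minimal QUIC long-header classifier for a raw UDP payload (added example).

Implements the version-independent header layout from RFC 8999 plus the
QUIC v1 packet-type bits and 20-byte connection-ID cap from RFC 9000.
"""
import struct

QUIC_V1 = 0x00000001
# QUIC v1 long-header packet types, taken from bits 4-5 of the first byte.
V1_LONG_TYPES = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}


def classify_quic(payload: bytes) -> dict:
    """Describe a UDP payload: long-header QUIC, short-header/unknown, or not QUIC."""
    if len(payload) < 5:
        return {"quic": False, "reason": "too short"}
    first = payload[0]
    if not first & 0x80:
        # Short header (or non-QUIC traffic): no version, no CID lengths on the
        # wire. Without handshake state an inspecting device cannot tell.
        return {"quic": None, "form": "short-header-or-unknown"}
    if not first & 0x40:
        # The "fixed bit" (0x40) is set in every v1 packet (RFC 9000 §17.2).
        return {"quic": False, "reason": "fixed bit clear"}

    version = struct.unpack_from("!I", payload, 1)[0]
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    if len(payload) < pos + dcid_len + 1:
        return {"quic": False, "reason": "truncated DCID"}
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = payload[pos]
    pos += 1
    if len(payload) < pos + scid_len:
        return {"quic": False, "reason": "truncated SCID"}
    scid = payload[pos:pos + scid_len]

    if version == 0:
        ptype = "version-negotiation"      # server rejecting the client's version
    elif version == QUIC_V1:
        if dcid_len > 20 or scid_len > 20:  # v1 limits CIDs to 20 bytes
            return {"quic": False, "reason": "CID too long for v1"}
        ptype = V1_LONG_TYPES[(first >> 4) & 0x03]
    else:
        ptype = "unknown-version"           # e.g. v2 or a greased version

    return {"quic": True, "form": "long-header", "version": version,
            "type": ptype, "dcid": dcid.hex(), "scid": scid.hex()}


def inspectable(verdict: dict) -> bool:
    """True only when the header itself exposes version and connection IDs."""
    return verdict.get("quic") is True


# --- constructed sample payloads (not captured traffic) ---------------------
# Client Initial: first byte 0xC3 (long header, fixed bit, type 0, 4-byte PN),
# version 1, 8-byte DCID 01..08, empty SCID, then the token length (0) etc.
INITIAL_SAMPLE = (bytes([0xC3]) + QUIC_V1.to_bytes(4, "big")
                  + bytes([8]) + bytes(range(1, 9)) + bytes([0])
                  + bytes([0x00, 0x41, 0x00]) + bytes(16))
# Server Handshake packet: 0xE0 -> type bits 2.
HANDSHAKE_SAMPLE = (bytes([0xE0]) + QUIC_V1.to_bytes(4, "big")
                    + bytes([0]) + bytes([4]) + b"\xaa\xbb\xcc\xdd" + bytes(16))
# Version Negotiation: version field is zero, then supported versions follow.
VERSION_NEG_SAMPLE = (bytes([0xC0]) + bytes(4) + bytes([0]) + bytes([1]) + b"\x01"
                      + QUIC_V1.to_bytes(4, "big"))
# 1-RTT short-header packet: opaque beyond the first byte and the DCID.
SHORT_SAMPLE = bytes([0x45]) + bytes(range(1, 9)) + bytes(24)
# Long-header form bit set but fixed bit clear: not valid QUIC v1.
BOGUS_SAMPLE = bytes([0x80, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00])


if __name__ == "__main__":
    for name, pkt in [("initial", INITIAL_SAMPLE), ("handshake", HANDSHAKE_SAMPLE),
                      ("version-neg", VERSION_NEG_SAMPLE), ("short", SHORT_SAMPLE),
                      ("bogus", BOGUS_SAMPLE)]:
        v = classify_quic(pkt)
        print(f"{name:12} inspectable={inspectable(v)} {v}")
```

The practical takeaway for the outbound UDP/443 decision: a firewall can recognise and log the QUIC handshake from these long headers, but it cannot proxy or content-inspect the encrypted 1-RTT traffic that follows, which is why organisations that rely on TLS inspection commonly keep UDP/443 blocked so browsers fall back to TCP/443 where the existing inspection policy applies.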
Given the interface changes since the last time you did something along these lines, how about a training video on setting up a new FortiGate using your best practices? Doing it with SD-WAN would be even better.
Are the firewall policies reciprocal? I noticed that the only policy I get marked traffic through is the default LAN2WAN. When I set up a matching policy of WAN2LAN, it sits at 0 KB throughput.
Policy depends on the side initiating the traffic. WAN to LAN probably won't have hits because all of your traffic is internal stuff pulling down, instead of people on the outside trying to reach hosted resources behind your firewall.
I loaded a client on 7.2.4 on a 40F, configured base policies (learned from your channel) and had a memory leak :( Rolled back to 7.2.1. Aware of the CVEs, but it's been stable so far.
Good to know.
Very helpful walkthrough.
I'm stepping into the FortiGate ecosystem soon and am trying to familiarize myself as much as I can.
I do have one question: In your opinion does it make any sense to try and wait for the next series of Fortigate devices? It's been 2-3 years since the F series came out and I would like to maximize the lifecycle of the device.
I don’t expect the first G series soho units until end of year. That is still a wild guess on release. Fortinet will support them for x number of years after end of lifecycle. You should in theory replace your hardware at a rate that makes that a non issue.
Hi, I have a Fortinet FAP-421E-E. Can you help with how I can use it as a standalone Wi-Fi AP so I am able to use it at home? If we use a Linksys router we can configure it very easily through the web page. Does the AP have its own configuration page, or do I have to attach another device to run the FAP-421E-E?
FortiAPs need a controller, whether it is a FortiGate, FortiWLC, or FortiCloud.
Nice beard growth !
Gotta keep it growing 😂
Killer Alien shirt!
😎
Today I went to configure an SD-WAN rule on my 60F and I wasn't able to select the application from the GUI.
I had to choose the application from the CLI using a number, it was super frustrating.
Had same issue with the traffic shapers using application detection.
System > feature visibility > application based sdwan.
@@FortinetGuru Thanks.
Appreciate the assist.
Any insight into failure rate? In 2 years, I had 280 RMAs.
280 RMAs on what overall count and what specific devices? FortiGates? Switches?
I really need some help with an SSL VPN I'm trying to set up on a FortiGate 60F at work. I've tried many configurations but can only seem to connect to the VPN when I am on the local network. I am unable to connect when on an outside network. Any help would be appreciated!
Do you have the SSL VPN settings configured to listen on the outside interface?
@@FortinetGuru I do, listening on interface Wan1 which is outside
@@FortinetGuru Do I need to port forward the port on my router to allow the traffic in?
Nice guides, love it.
I'm new to FortiGates, coming from Palo Alto, so I have a FortiGate VM for my homelab, but I'm thinking about using it as my primary firewall so I can get some data in it.
And I saw that you had a few Xboxes.
How have you managed to get the NAT type to open or moderate? Do you have several public IPs and do 1:1 NAT on them, or are there some dynamic options that work, or do you manually create rules and forward ports for each game that requires it?
And also, awesome work 👍
Xbox, in my experience, always considers the NAT to be moderate or strict. The only real way around that IMO is for the device to have a clear public IP assigned to it and no NAT with wide-open policies. That would be bad for security though.
@@FortinetGuru Indeed it would, I just thought you might have figured out some sort of workaround, since you had kids with their Xboxes on the FortiGate, but thanks for the reply ;-)
Can I hire you for a project ASAP?
what are your thoughts on the SSL VPN bug IDs for 7.2.4?
Is there a specific one of interest? The ones in the notes are relatively normal bugs.
Mike, is 7.2.4 solid now or should I remain on 6.4.12?
Honestly I’m pushing most to latest of 7.0 and testing / using 7.2.4 in my internal companies and clients that are more accepting of risk.
If any of you have FG1800Fs, do not update to this firmware, including 7.2.3. This has been my headache for weeks now, and Fortinet Support is not really helpful and really clueless about the high CPU and memory bugs we've encountered. Had to downgrade to 6.4.12.
Good to know. I have a few 1800fs but they are on 7.0.X.
What issues are you seeing? Just high CPU and memory utilization?
This shit version is consuming a lot of memory and get conserve mode all time.
Particular model of FortiGate or are you experiencing it across the board? I am only running it at the house and in one of the businesses that I personally own (I like to eat the dog food before I recommend to anyone else!)
@@FortinetGuru On 40F, 60F and 100F. I have about 40 FGTs at customers, and some of them on the same version keep increasing memory forever. I changed the conserve mode limits to solve it.
Specific service creeping up in utilization or just in general?
@@FortinetGuru Mostly the WAD process, and sometimes lots of IPS.