FortiGate FortiOS 7.2.4 Walk Through

  • Published 11 Nov 2024

COMMENTS • 100

  • @loganbat1310 1 year ago +5

    Hey! He is still alive! Good to see you, Mike.

    • @FortinetGuru 1 year ago

      I just stay so busy! Thanks brother!

    • @loganbat1310 1 year ago

      @FortinetGuru No problem. Your content is great and from time to time I just send you an email but coming into work and seeing a vid posted is always a great way to start a week.

  • @buldozzer3456 1 year ago +4

    I switched to Fortinet from a horrible German security vendor about a year ago. Your videos and especially your blog posts helped me a lot. Thanks!

  • @izoka1828 1 year ago +1

    I hope to see you back soon! We miss you!

  • @MrColoradoal 1 year ago +4

    Great update on 7.2.4. I'm an SE at Fortinet and I like all your videos and how well you explain the tech.

  • @dudemcdude8235 1 year ago

    Good to see you again, just deployed my first full Fortistack and I’m very happy. The Switch Clients view makes me want to go to 7.2

  • @BroodPitt 1 year ago +1

    Nice walkthrough! and welcome back :D

  • @sblowes 1 year ago +1

    Fantastic 30,000” view. About to make this mandatory viewing for my team.

  • @zgralewski 1 year ago

    Hi Mike, I am so glad every time I see your face. You are the real face of Fortinet UTMs 😁

  • @ScubaSteveTXST 1 year ago +4

    Mike, nice to see you refreshing the channel content. I've been staying on 6.4 but the time is coming to go to 7.x due to End of Engineering support coming up for 6.4, so it's cool seeing what's new on the bleeding edge of 7.2. I would be curious if you would be interested in making some content around combining SDWAN and IPSec VPNs. A good example is many organizations have multiple WANs. AWS by default gives you two peers for each WAN. I think it would be pretty cool to see SDWAN driving traffic in this scenario and checking each VPN peer is alive. Content has been very helpful over the years, thanks!

    • @FortinetGuru 1 year ago +4

      It’s on the list of content. Going to redo some videos and focus on 7.2.x for them. So tutorials for regular tasks and then bringing in some lab use cases for sdwan and dynamic routing.
      Would really like to jump on ztna and such as well for some videos.

    • @thomturner6163 1 year ago

      @FortinetGuru yeah, be great to see some videos on how ztna can replace the need for some ssl vpn connections, even mapped drives I hear is possible!

  • @popacap21 1 year ago

    Dude, I've learned a good bit about Fortinet from your content thanks a ton!

  • @alejanxon 1 year ago +4

    I follow a lot of your content all over the internet, so thanks for sharing your knowledge. You already saw that this version has a BUG regarding the creation of automatic Objects when you choose the LAN Role in the configuration.

    • @FortinetGuru 1 year ago

      Yeah, I hate automated address creations and anything the wizards auto build.

    • @loganbat1310 1 year ago

      @FortinetGuru It would not have been so bad had Fortinet disclosed this information in the release notes. FortiOS 7.0.10 and 7.0.11 do not have this...why only in 7.2.4?! ugh

    • @alejanxon 1 year ago

      Me more, the point is that this new version has a BUG and it is not possible to disable it when setting the LAN Role. 💩 @FortinetGuru

    • @loganbat1310 1 year ago

      @alejanxon I'm not understanding your issue with SSL VPN on 7.2.4. Been running it just fine and have a few clients that utilize Azure MFA with 7.2.4. Can you please be more specific or descriptive in the issue you are observing?

  • @Xiuhcoatl1 1 year ago +1

    Thanks Mike, I first jumped into Fortinet equipment about a yr ago for a new work site, I had three months to learn everything possible to get it going before staff moved in, I usually get pretty excited working with new gear so enjoyed the challenge. This year we changed more sites turning over to Fortinet so it's been pretty busy.

  • @pingpt 1 year ago +1

    I love your videos m8, so straight to the point. Thanks for the great work around the FortiGates

  • @thewaterboy2013 1 year ago +3

    Thanks for the overview Mikey! Such a good thorough run through. Big new takeaways for me are the abilities for tying authentication to local AD or potentially Azure AD, as well as the new Let's Encrypt integration for certificates.
    Would love to see a walkthrough on how you do either or both of those if you are looking for video ideas.

  • @sabotocki 1 year ago

    I am a huge fan of Tenacious D, you’re amazing Jack!

  • @nathanmcbride149 1 year ago +1

    Thanks for being you!

  • @tylerwatt12 1 year ago +7

    Hi Mike! Do you have a video of how to configure SD-WAN while using FortiManager and IPSec tunnels between devices? I have a hub spoke network and want to add a second ISP to the HQ site. Since both sides are controlled by FortiGates, I should have more freedom to aggregate IPSec traffic over both WANs, right?

    • @FortinetGuru 1 year ago +5

      Not yet but I can certainly create one.

  • @alejandroparrello6493 1 year ago

    Nice walkthrough Mike!! Regards from Argentina 👌😉

  • @ko_3x335 1 year ago

    Thanks for this nice Feature Walkthrough. Very interesting!

  • @qcnsllcqcnsupport7616 1 year ago +1

    Great job... thank you for all the great videos. 👍🏼

  • @superdatamaskin 1 year ago +2

    Nice video! Well done 👏

  • @harrylumsdon6773 1 year ago

    Great content as always. Thank you

  • @JasonsLabVideos 1 year ago +1

    Good video!! Looks like they are making it nicer and nicer..

  • @1sabell3 1 year ago

    Do you have a video more focused on security fabric connection and how it relates to an active/passive pair?

  • @bytes86 1 year ago

    Thanks, Mike! Wish to see more hands-on labs 🙏

  • @drostoker 1 year ago +2

    I miss your how-to videos.
    I like to see one showing how to setup LetsEncrypt.

  • @liam2161 1 year ago +1

    Good video. I had to set up a 60F with 4 FortiSwitches. I created a second FortiLink interface in the CLI for the untrusted pair of switches. Was my first time using Forti, one thing that I struggled with was getting the WAN to work from a switch interface, wasn't using the WAN on the FortiGate. Dual WAN transit cables from the DC to each untrusted switch, in the end I used a VLAN and static routing. But wondering if there was a way to have brought the switch interface back directly to the network interface list or if I could have improved the design. Great videos, they helped me a lot, thank you.

    • @FortinetGuru 1 year ago

      I am a big fan of using VLANs to split things off and provide the necessary connectivity.

  • @B3nD0t 4 months ago

    @FortinetGuru good job, when will you do a ZTNA video? And a comparison to VPNs?

  • @ko_3x335 1 year ago

    Hi Mike, can you please make a video about configuring a FortiSwitch without using FortiLink management? RADIUS authentication, auto VLAN, etc.

  • @niel19861 1 year ago

    Thanks Mike! Your videos have helped me tremendously throughout the year. I have been struggling with one thing for several weeks, and that's configuring FortiAPs to use Azure AD SSO authentication to connect to the SSID. I've done and redone everything in the documentation several times, but there's obviously something I'm missing and the Fortinet support team have NOT been helpful. Do you have a video on that?

  • @firehuge 1 year ago +1

    Can you do a video with an AWS environment? Would like to see a FortiManager connected to a FortiGate in FIPS mode… plus the FortiAnalyzer features!

  • @doddyadipermana2934 1 year ago

    Very nice explanation, sir :D

  • @MitchellWilsonII 1 year ago

    So I work for a major MSP. We pretty much exclusively deploy Fortinet equipment. Fortinet is really cool because they sent any of the engineers in our company that completed NSE 1, 2, and 3 a free FortiGate 70F with a free year of support and licensing for all of the things. But, the frustrating thing is since the 70F is using the new silicon, I can't update to v7.4.x. lol But, I love using my FortiGate at home and a few of us have an IPSec VPN connection together that we use to play some retro games together. The bad side is, now I'm hooked and I want to buy a FortiSwitch and some FortiAPs. lol
    EDIT: Well, never mind, I just looked on my FortiGate and the update is available now. lol But, it hasn't been for a while since release.

  • @asifalikhan3796 1 year ago

    Love your videos, the way you explain it is simple and nice. I want to ask a question: I have an IPsec tunnel showing the error connection expiring due to phase1 down. How do I fix it?

    • @FortinetGuru 1 year ago

      Always make sure Phase 1 and 2's of the IPSEC tunnel match the remote side (just flip what is considered local and remote accordingly). Then make sure you have the necessary policy and routes. Otherwise, use the debug options within FortiOS to view the exact issue.

  • @rogerramjet04 1 year ago

    Thanks for the video.
    Can I ask would you recommend allowing UDP on 443 outbound? We have blocked mostly everything outbound except the essential services / ports.
    Sounds like 7.2.4 can analyze the QUIC protocol - but I might have that all wrong!
    Thanks

  • @drostoker 1 year ago

    Given the interface changes since the last time you did something along these lines, how about a training video on setting up a new FortiGate using your best practices? Doing it with an SD-WAN would be even better.

  • @g04tn4d0 1 year ago

    Are the firewall policies reciprocal? I noticed that the only policy I get marked traffic through is the default LAN2WAN. When I set up a matching policy of WAN2LAN, it sits at 0kb throughput.

    • @FortinetGuru 1 year ago

      Policy depends on the side initiating the traffic. WAN to LAN probably won’t have hits because all of your traffic is internal stuff pulling down instead of people on the outside trying to go to hosted resources behind your firewall.

  • @lib..909 1 year ago

    I loaded a client on 7.2.4 on a 40F, configured base policies (learned from your channel) and had a memory leak :( Rolled back to 7.2.1. Aware of the CVEs but it's been stable so far.

  • @StefanoAgrotis 1 year ago

    Very helpful walkthrough.
    I'm stepping into the FortiGate ecosystem soon and am trying to familiarize myself as much as I can.
    I do have one question: In your opinion does it make any sense to try and wait for the next series of FortiGate devices? It's been 2-3 years since the F series came out and I would like to maximize the lifecycle of the device.

    • @FortinetGuru 1 year ago

      I don’t expect the first G series SOHO units until end of year. That is still a wild guess on release. Fortinet will support them for x number of years after end of lifecycle. You should in theory replace your hardware at a rate that makes that a non-issue.

  • @shazee9 1 year ago

    Hi, I have a Fortinet FAP-421E-E. Can you help: how can I use it as a standalone Wi-Fi AP so I am able to use it at home? If we use a Linksys router we can configure it very easily through a web page. Does the AP have its own configuration page, or do I have to attach another device to run the FAP-421E-E?

    • @FortinetGuru 1 year ago

      FortiAPs need a controller, whether it is a FortiGate, FortiWLC, or FortiCloud

  • @ThisIsEduardo 1 year ago +1

    Nice beard growth!

  • @synthlord6575 1 year ago

    Killer Alien shirt!

  • @hennessy6996 1 year ago

    Today I went to configure an SD-WAN rule on my 60F and I wasn't able to select the application from the GUI.
    I had to choose the application from the CLI using a number, it was super frustrating.
    Had the same issue with the traffic shapers using application detection.

    • @FortinetGuru 1 year ago +1

      System > feature visibility > application based sdwan.

    • @hennessy6996 1 year ago

      @FortinetGuru Thanks.
      Appreciate the assist.

  • @harrylumsdon6773 1 year ago

    Any insight to failure rate? In 2 years, I had 280 RMAs.

    • @FortinetGuru 1 year ago

      280 RMAs on what overall count and what specific devices? FortiGates? Switches?

  • @darinfoy9525 1 year ago

    I really need some help with an SSL VPN I’m trying to set up on a FortiGate 60F at work. I’ve tried many configurations but can only seem to connect to the VPN when I am on the local network. I am unable to connect when on an outside network. Any help would be appreciated!

    • @FortinetGuru 1 year ago

      Do you have the SSL VPN settings configured to listen on the outside interface?

    • @darinfoy9525 1 year ago

      @FortinetGuru I do, listening on interface Wan1 which is outside

    • @darinfoy9525 1 year ago

      @FortinetGuru Do I need to port forward the port for my router to allow the traffic in?

  • @madssivertsen6104 1 year ago

    Nice guides, love it.
    I'm new to FortiGates, coming from Palo Alto, so I have a FortiGate VM for my homelab, but thinking about using it as primary firewall, so I can get some data in it.
    And I saw that you had a few Xboxes.
    How have you managed to get the NAT Type to open or moderate, do you have several public IPs and do 1:1 NAT on them or are there some dynamic options that work, or do you manually create rules and forward ports for each game that requires it?
    And also, awesome work 👍

    • @FortinetGuru 1 year ago

      XBOX, in my experience, always considers the NAT to be moderate or high. Only real way around that IMO is for the device to have a clear public IP assigned to it and no NAT with wide open policies. That would be bad for security though.

    • @madssivertsen6104 1 year ago

      @FortinetGuru Indeed it would, just thought you might have figured some sort of workaround, since you had kids with their Xboxes on the FortiGate, but thanks for the reply ;-)

  • @jonathanyarbrough1251 1 year ago

    Can I hire you for a project ASAP?

  • @SuperChino1979 1 year ago

    What are your thoughts on the SSL VPN bug IDs for 7.2.4?

    • @FortinetGuru 1 year ago

      Is there a specific one of interest? The ones in the notes are relatively normal bugs

  • @lkfng 1 year ago

    Mike, is 7_2_4 solid now or should I remain on 6_4_12?

    • @FortinetGuru 1 year ago +2

      Honestly I’m pushing most to latest of 7.0 and testing / using 7.2.4 in my internal companies and clients that are more accepting of risk.

  • @samcruz6454 1 year ago

    If any of you have FG1800Fs, Do not update to this firmware, including 7.2.3. This has been my headache for weeks now and Fortinet Support is not really helpful and really clueless with the High CPU and Memory bugs we've encountered. Had to downgrade to 6.4.12.

    • @FortinetGuru 1 year ago

      Good to know. I have a few 1800Fs but they are on 7.0.X.
      What issues are you seeing? Just high CPU and memory utilization?

  • @elcioluizjunior 1 year ago

    This shit version is consuming a lot of memory and getting into conserve mode all the time.

    • @FortinetGuru 1 year ago

      Particular model of FortiGate or are you experiencing it across the board? I am only running it at the house and in one of the businesses that I personally own (I like to eat the dog food before I recommend to anyone else!)

    • @elcioluizjunior 1 year ago

      @FortinetGuru On 40F, 60F and 100F. I have about 40 fgts on customers, and some of them on the same version keep increasing memory forever. I change the conserve mode limits to solve.

    • @FortinetGuru 1 year ago

      Specific service creeping up in utilization or just in general?

    • @elcioluizjunior 1 year ago

      @FortinetGuru Mostly the wad process, and sometimes lots of IPS