Posts

[CentOS/Rocky/RHEL] Forticlient installation

Image
  Method 1: Rocky 8  (and newer),  Centos 7 (and newer) and Redhat 7 (and newer) Install yum-utils: yum install yum-utils Add repo sudo yum-config-manager --add-repo  https://repo.fortinet.com/repo/forticlient/7.4/centos/8/os/x86_64/fortinet.repo Install FortiClient sudo yum install forticlient Method 2: Direct RPM Download Link: Installation Download the FortiClient VPN RPM package from  https://links.fortinet.com/forticlient/rhel/vpnagent  - this will normally be downloaded to the  Downloads  folder in your user's home folder. In the file browser navigate to this folder and double click on the forticlient_vpn_X.XX.XXXX_x86_64.rpm file and click Install in the software install window. Configuration Launch FortiClient using the shield icon in the top bar and then click 'Configure VPN'. Ensure that SSL-VPN is selected, enter a connection name (e.g. FMRIB VPN) and then in the Remote Gateway box enter https://vpn.fmrib.ox.ac.uk/fmrib into the Remote Gateway field. Click 's
Post a Comment
Read more

IKEv2 Remote Access VPN using ForticlientVPN

Image
  Interface: config system interface     edit "port1"         set vdom "root"         set ip 192.168.0.108 255.255.255.0         set allowaccess ping https ssh http         set type physical         set netflow-sampler both         set alias "WAN1"         set lldp-reception enable         set role wan         set snmp-index 1         set secondary-IP enable         set mtu-override enable         set mtu 1000     next     edit "port4"         set vdom "root"         set ip 20.20.20.108 255.255.255.0         set allowaccess ping         set type physical         set alias "LAN"         set snmp-index 8     next VPN Config: Phase1: config vpn ipsec phase1-interface     edit "IKEv2"         set type dynamic         set interface "port1"         set ike-version 2         set peertype one         set net-device disable         set mode-cfg enable         set ipv4-dns-server1 192.168.0.254         set proposal a
Post a Comment
Read more

IKEv2 IPsec Config Fortigate

Image
Interface:  config system interface     edit "port2"         set vdom "root"         set ip 14.140.40.108 255.255.255.0         set allowaccess ping https         set type physical         set alias "WAN2"         set role dmz         set snmp-index 2     next     edit "port4"         set vdom "root"         set ip 20.20.20.108 255.255.255.0         set allowaccess ping         set type physical         set alias "LAN"         set snmp-index 8     next     edit "test"         set vdom "root"         set type tunnel         set snmp-index 9         set interface "port2"     next end IKEv2 VPN: config vpn ipsec phase1-interface     edit "test"         set interface "port2"         set ike-version 2         set peertype any         set net-device disable         set proposal aes256-sha256         set dhgrp 2         set nattraversal disable         set transport udp         set re
Post a Comment
Read more

Configure Redundant IPsec VPN with SD-WAN

Image
  IPsec Tunnel Interface: config system interface     edit "tun1-isp1"         set vdom "root"         set ip 172.16.1.1 255.255.255.255         set allowaccess ping         set type tunnel         set remote-ip 172.16.1.2 255.255.255.0         set snmp-index 9         set interface "port1"     next end config system interface     edit "tun2-isp2"         set vdom "root"         set ip 172.16.2.1 255.255.255.255         set allowaccess ping         set type tunnel         set remote-ip 172.16.2.2 255.255.255.0         set snmp-index 11         set interface "port2"     next end config vpn ipsec phase1-interface     edit "tun1-isp1"         set interface "port1"         set peertype any         set net-device disable         set proposal aes128-sha256         set comments "VPN:  -- Created by VPN wizard"         set wizard-type simplified-static-fortigate         set nattraversal disable         se
Post a Comment
Read more

DNS conditional forwarding

Image
  Configuration: DNS: config system dns     set primary 96.45.45.45     set secondary 96.45.46.46 end DNS Database: config system dns-database     edit "Internal_domain"         set domain "sumit.com"         set authoritative disable         set forwarder "14.140.40.11"         set source-ip 14.140.40.108     next end Policy: config firewall policy     edit 1         set name "Allow_traffic"         set uuid 90248244-630d-51ef-0a66-828b226eb40b         set srcintf "port3"         set dstintf "port1"         set action accept         set srcaddr "all"         set dstaddr "all"         set schedule "always"         set service "ALL"         set nat enable     next end
Post a Comment
Read more

Transparent conditional DNS forwarder

Image
##To configure the source-IP for the DNS forwarding: config system dns-database     edit "Internal Domains"         set domain "sumit.com"         set authoritative disable         set forwarder "14.140.40.11"          set source-ip 14.140.40.108     next end ##DNS Profile configuration: config dnsfilter profile     edit "test"         set transparent-dns-database "Internal Domains"     next  end ##Policy Configuration (Proxy mode): config firewall policy     edit 1         set name "Allow_internet_traffic"         set uuid d2cdbbde-62e4-51ef-36e1-3e14c83e2aa2         set srcintf "port3"         set dstintf "port1"         set action accept         set srcaddr "all"         set dstaddr "all"         set schedule "always"         set service "ALL"         set utm-status enable         set inspection-mode proxy         set dnsfilter-profile "test"         set
Post a Comment
Read more

[Fortigate] Split DNS in SSL VPN

Image
 
Post a Comment
Read more