Posts

[CentOS/Rocky/RHEL] Forticlient installation

Method 1: Rocky 8 (and newer), CentOS 7 (and newer) and Red Hat 7 (and newer)

Install yum-utils:
    yum install yum-utils

Add repo:
    sudo yum-config-manager --add-repo https://repo.fortinet.com/repo/forticlient/7.4/centos/8/os/x86_64/fortinet.repo

Install FortiClient:
    sudo yum install forticlient

Method 2: Direct RPM Download Link:

Installation
Download the FortiClient VPN RPM package from https://links.fortinet.com/forticlient/rhel/vpnagent - this will normally be downloaded to the Downloads folder in your user's home folder. In the file browser, navigate to this folder, double-click the forticlient_vpn_X.XX.XXXX_x86_64.rpm file, and click Install in the software install window.

Configuration
Launch FortiClient using the shield icon in the top bar and then click 'Configure VPN'. Ensure that SSL-VPN is selected, enter a connection name (e.g. FMRIB VPN) and then enter https://vpn.fmrib.ox.ac.uk/fmrib in the Remote Gateway field. Click 's

IKEv2 Remote Access VPN using ForticlientVPN

Interface:

config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.0.108 255.255.255.0
        set allowaccess ping https ssh http
        set type physical
        set netflow-sampler both
        set alias "WAN1"
        set lldp-reception enable
        set role wan
        set snmp-index 1
        set secondary-IP enable
        set mtu-override enable
        set mtu 1000
    next
    edit "port4"
        set vdom "root"
        set ip 20.20.20.108 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "LAN"
        set snmp-index 8
    next
end

VPN Config:

Phase1:

config vpn ipsec phase1-interface
    edit "IKEv2"
        set type dynamic
        set interface "port1"
        set ike-version 2
        set peertype one
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 192.168.0.254
        set proposal a

IKEv2 IPsec Config Fortigate

Interface:

config system interface
    edit "port2"
        set vdom "root"
        set ip 14.140.40.108 255.255.255.0
        set allowaccess ping https
        set type physical
        set alias "WAN2"
        set role dmz
        set snmp-index 2
    next
    edit "port4"
        set vdom "root"
        set ip 20.20.20.108 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "LAN"
        set snmp-index 8
    next
    edit "test"
        set vdom "root"
        set type tunnel
        set snmp-index 9
        set interface "port2"
    next
end

IKEv2 VPN:

config vpn ipsec phase1-interface
    edit "test"
        set interface "port2"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 2
        set nattraversal disable
        set transport udp
        set re

Configure Redundant IPsec VPN with SD-WAN

IPsec Tunnel Interface:

config system interface
    edit "tun1-isp1"
        set vdom "root"
        set ip 172.16.1.1 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 172.16.1.2 255.255.255.0
        set snmp-index 9
        set interface "port1"
    next
end

config system interface
    edit "tun2-isp2"
        set vdom "root"
        set ip 172.16.2.1 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 172.16.2.2 255.255.255.0
        set snmp-index 11
        set interface "port2"
    next
end

config vpn ipsec phase1-interface
    edit "tun1-isp1"
        set interface "port1"
        set peertype any
        set net-device disable
        set proposal aes128-sha256
        set comments "VPN:  -- Created by VPN wizard"
        set wizard-type simplified-static-fortigate
        set nattraversal disable
        se

DNS conditional forwarding

Configuration:

DNS:

config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
end

DNS Database:

config system dns-database
    edit "Internal_domain"
        set domain "sumit.com"
        set authoritative disable
        set forwarder "14.140.40.11"
        set source-ip 14.140.40.108
    next
end

Policy:

config firewall policy
    edit 1
        set name "Allow_traffic"
        set uuid 90248244-630d-51ef-0a66-828b226eb40b
        set srcintf "port3"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

Transparent conditional DNS forwarder

##To configure the source-IP for the DNS forwarding:

config system dns-database
    edit "Internal Domains"
        set domain "sumit.com"
        set authoritative disable
        set forwarder "14.140.40.11"
        set source-ip 14.140.40.108
    next
end

##DNS Profile configuration:

config dnsfilter profile
    edit "test"
        set transparent-dns-database "Internal Domains"
    next
end

##Policy Configuration (Proxy mode):

config firewall policy
    edit 1
        set name "Allow_internet_traffic"
        set uuid d2cdbbde-62e4-51ef-36e1-3e14c83e2aa2
        set srcintf "port3"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set dnsfilter-profile "test"
        set

[Fortigate] Split DNS in SSL VPN
