A reminder – The importance of network segmentation

Early in my Fortinet support career I deployed wireless 221B FAPs. When they were deployed I chose to leave them in the client VLAN while tunneling traffic to the Fortigate management devices. This seemed to give a decent amount of segmentation between the wireless traffic and client LAN traffic. This setup functioned well for many …

Fortigate with Fortilink enabled switches that won’t upgrade

We had a number of Fortigate firewalls managing Fortiswitches via Fortilink, and no matter what version of Fortiswitch firmware we tried the switches would reboot but not upgrade. After some troubleshooting we found that using the following commands allowed the switches to be upgraded.

    config switch-controller global
        set https-image-push enable
    end

Fortigate traffic sourced from wrong interface

Installed new Fortigate 61Es; everything seemed to work as planned until I wanted to add Fortianalyzer for traffic analysis. Testing seemed to indicate that Fortianalyzer traffic was being sent out the WAN interface instead of the IPsec tunnel. After searching around I found that a source IP needed to be set for traffic originating from …