FortiGate “Deny: DNS Error”
Fortigate firewalls do inspect the data stream. This is also true for DNS (Domain Name Service). Sometimes you will see the error: "Deny: DNS error" in the logs Having a…
Format FortiGate diag sniffer packet for Wireshark
On FortiGate firewalls you got the command: diag sniffer packet [interface] '[filter]' [verbose level] [count] [tsformat] Details you find ⇒here. If you just want to verify, if a packet passes the…
OpenBSD Guest on a KVM Host
Computer environments without virtualisation are not possible anymore. Theoretically all problems in this are should be solved by now. There are is an exception: Running OpenBSD as a guest under…
Dump FortiGate Config into TXT, CSV or HTML
Sometimes you need to document your firewall rules. To do this, I wrote a perl-script to create a CSV file. Importing CSV into a spreadsheet is a good way for…
Fortigate Firewall Traffic Processing Troubleshooting
Traffic Processing Application Debugging diag debug application shows what happens during the execution of a process. Detailed information is shown. Debug level is a bit mask. diag debug application [application…
Fortigate Firewall Network Troubleshooting
Network Troubleshooting Interface Status Display interface information. Link status, settings are shown here. get hardware nic <interface> On FortiGates using SPF/SPF+ transceivers you can see their status get system interface…