Category Archives: 4. Security Appliance

Understanding Firewall, Configuration, Setup and Design.

IPsec VPN troubleshooting

http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/


Troubleshooting Palo Alto Networks Hardware Issues

Hardware issues can range from power supplies and fans to disk drives. This document provides a guide to detect, determine and validate common hardware issues. Possible recovery actions are also provided, where applicable.

This document covers:

Accessory failures (power supply, fans, fan tray)
Disk problems
ECC errors (memory)
Using maintenance mode
General boot problems
owner: sdarapuneni

https://drive.google.com/open?id=1PHQ9co2VZPjlJNFnysTiFdvZUk84Y98a

https://live.paloaltonetworks.com/t5/Learning-Articles/Troubleshooting-Palo-Alto-Networks-Hardware-Issues/ta-p/62083

Fortigate Netflow & Sflow

Note that NetFlow can only be configured from the CLI, so make sure Telnet, SSH or the CLI console is working.

• Configuring the NetFlow collector IP (192.168.131.93 is the SolarWinds collector):
config system netflow
set collector-ip 192.168.131.93
set source-ip 172.30.34.131
set active-flow-timeout 1
end

• Enabling NetFlow on the interface (NET-406 is the Internet interface; "both" samples RX and TX):
config system interface
edit NET-406
set netflow-sampler both
next
end

• NTA default port 2055 should be allowed on the collector.
• Add the FortiGate device and the specific port in NTA.
• Verification:
show system interface NET-406
show system netflow
diagnose sniffer packet any 'port 2055'

config system sflow
set collector-ip 10.0.0.50
set collector-port 6343
end

Then for each interface:

config system interface
edit <interface-name>
set sflow-sampler enable
set sample-rate 512
set sample-direction both
set polling-interval 30
next
end

http://kb.fortinet.com/kb/documentLink.do?externalID=FD32024

Fortigate Syslog servers

Configuring logging to multiple Syslog servers
When configuring one or more Syslog servers, you can enable reliable delivery of log messages to the Syslog server. Reliable delivery can be configured only in the CLI.
If VDOMs are enabled, each VDOM will use the default FortiAnalyzer/Syslog server, but an individual override can be enabled in the CLI, allowing you to specify a different FortiAnalyzer/Syslog server for that VDOM.
To enable logging to multiple Syslog servers:

1. Log in to the CLI and enter the following commands:
config log syslogd setting
set csv {disable | enable}
set facility <facility>
set port <port>
set reliable {disable | enable}
set server <server-ip>
set status {disable | enable}
end
Source: Fortinet Technologies Inc., FortiOS™ Handbook – Logging and Reporting for FortiOS 5.0, page 47.

2. Enter the following commands to configure the second Syslog server:
config log syslogd2 setting
set csv {disable | enable}
set facility <facility>
set port <port>
set reliable {disable | enable}
set server <server-ip>
set status {disable | enable}
end

3. Enter the following commands to configure the third Syslog server:
config log syslogd3 setting
set csv {disable | enable}
set facility <facility>
set port <port>
set reliable {disable | enable}
set server <server-ip>
set status {disable | enable}
end
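
An offline check of a FortiGate configuration backup for the syslogd, syslogd2 and syslogd3 blocks configured above, written as an added example (not from the Fortinet handbook or the original post). The sample config and its addresses are constructed, and the script assumes that an omitted status or reliable line means disable and that the blocks contain no nested config sections.

```python
import re

# Constructed sample of a FortiOS config backup (addresses are made up).
SAMPLE_CONFIG = """\
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set reliable enable
end
config log syslogd2 setting
    set status enable
    set server "192.0.2.11"
end
config log syslogd3 setting
    set status disable
end
"""

def parse_syslogd_blocks(config_text):
    """Return {instance: {key: value}} for each 'config log syslogdN setting' block."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"config log (syslogd[23]?) setting", line)
        if m:
            current = blocks.setdefault(m.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return blocks

def audit_syslog(config_text):
    """List findings: enabled servers with no address or without reliable delivery."""
    findings = []
    for name, cfg in sorted(parse_syslogd_blocks(config_text).items()):
        # Assumption: an absent 'status' or 'reliable' line means disable.
        if cfg.get("status", "disable") != "enable":
            continue  # instance not in use; nothing to check
        if not cfg.get("server"):
            findings.append(f"{name}: enabled but no server set")
        if cfg.get("reliable", "disable") != "enable":
            findings.append(f"{name}: reliable delivery not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_syslog(SAMPLE_CONFIG)))
```
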

Most FortiGate features are, by default, enabled for logging. You can disable individual
FortiGate features you do not want the Syslog server to record, as in this example:

config log syslogd filter
set traffic {enable | disable}
set web {enable | disable}
set url-filter {enable | disable}
end

To enable/disable override settings per-VDOM:
config log fortianalyzer override-filter
set override {enable | disable}
end

config log fortianalyzer override-setting
set override {enable | disable}
end

config log syslogd override-filter
set override {enable | disable}
end

config log syslogd override-setting
set override {enable | disable}
end

http://docs.fortinet.com/uploaded/files/1084/fortigate-loggingreporting-509.pdf