Avoid Fortinet bricking itself after an update

The best way to avoid Fortinet bricking itself after an update is to completely clear the unit prior to upgrade and upgrade the unit from scratch.

Since around OS version 4.0 MR3, Fortinet have changed the way their units:

  • Store the firmware image
  • Store dynamic data (e.g. DHCP Leases, Logs)
  • Store the bootloader

As a result, firmware upgrades using the GUI to update from prior firmware versions to the current MR3 patch level will result in a unit that has a very high chance of failure upon future remote firmware updates. Doing the below procedure ensures that all of these are up to date.

Fortigate Geography

Fortinet Geography Filtering

Today I implemented a Firewall policy using the recently added Fortinet geography filtering.

For those that haven’t used this, you can specify the source or destination address to be a geographic region rather than by IP address or domain name. You can then apply policies to the geographic region to block traffic, or allow access only from that region.

In my case this was a policy that allowed all New Zealand IP addresses to access a service on a client site. The problem was this didn’t work from our offices, which have an NZ IP address, but worked from everywhere else in NZ. The following handy command saved the day: