Blog

FortiGate Dual ISP Failover both active v5.4

FortiGate Dual ISP Failover both active v5.4

The premise.  You have a FortiGate and you have two ISP connections.  Maybe the speeds aren’t that close together and one of them is really just for failover so load balancing is out but you want BOTH WAN connections to respond from the outside. It’s pretty straight forward.  Configure your IP addressing on both WAN interfaces.  Let’s assume WAN1 is going to be the primary connection. The secret sauce is in the Distance and Priority for your static routes.  You…

Read More Read More

Cisco FirePOWER Management Center Alerting – v6

Cisco FirePOWER Management Center Alerting – v6

If you want to be notified of system alerts without having to stare at the dashboard then you need to configure an email server and external alerting. Configure Email Notification Navigate to System > Configuration > Email Notification Enter the Mail Relay Host, the port number, the encryption method, the from address and the authentication settings and click Save. Make sure to click Test Mail Server Settings to make sure they are working properly before proceeding.  

Cisco ASA5500-X FirePOWER Preparation v6

Cisco ASA5500-X FirePOWER Preparation v6

To upgrade an ASA’s FirePOWER module to version 6 and get it ready to be integrated into FirePOWER Management Center is a bit of a process but thankfully most of it isn’t production impacting. First a few prerequisites. The ASA must have a SSD drive installed and functional.  Do a show inventory from the CLI to make sure one is found before you get started, if you have a drive installed but it’s not showing up try rebooting the ASA….

Read More Read More

Cisco FirePOWER Management Center v6 – Adding Licenses

Cisco FirePOWER Management Center v6 – Adding Licenses

This will cover Classic Licensing, not Smart Licensing for FirePOWER features.  You’ll receive your PAK code from Cisco either electronically or on a paper card.  From there you can goto https://cisco.com/go/license to register it and get the actual .LIC file. If you haven’t purchased a license yet, you can get a demo license from Cisco by working with your sales engineer. Before you head over there you will need the License Key from the FirePOWER Management Center since that’s where…

Read More Read More

Cisco FirePOWER Management Center AD Integration v6

Cisco FirePOWER Management Center AD Integration v6

You have FirePOWER Management Center all fired up and configured and you are getting lots of information but rather then seeing what user is doing what, you are just getting source computer IP addresses.  You can tie FirePOWER into Active Directory to report on actual users as well as being able to create policies based on AD users.  This lets you get much more granular with your approach. There are two ways to accomplish this, active authentication and passive authentication….

Read More Read More

Cisco FirePOWER Management Center v6 – Initial Installation

Cisco FirePOWER Management Center v6 – Initial Installation

This will review deploying the Cisco FirePOWER Management Center on ESXi.  The Management Center makes it possible to manage multiple FirePOWER devices from a central server, allowing you to scale up more efficiently. Before we get started, a few prerequisites.  Make sure you have a VMware host (ESXi or ESX).  You will need capacity on this host for 8GB RAM, 4 vCPU’s and 250GB storage (thick provisioned) for the FirePOWER Management Center VM.  You can deploy this thin provisioned if…

Read More Read More

FortiGate SSL VPN v5.4

FortiGate SSL VPN v5.4

This will review setting up remote users to access your network using a SSL VPN connection, either by tunnel mode (FortiClient) or with a web browser. For this example we’re using tunnel mode instead of split tunnel.  This means all traffic (including Internet traffic) will go through the firewall, allowing the client to be protected by the firewalls security features. This example will authenticate with local user accounts. Step 1:  Create a local user On your FortiGate go to User…

Read More Read More

FortiGate VPN – SSL Certificate Installation

FortiGate VPN – SSL Certificate Installation

Why should you get a certificate for SSL-VPN? When you setup your FortiGate to let users connect into your network via SSL-VPN you will notice they receive a certificate warning.  This is because the certificate being used is the self signed certificate that’s on the firewall.  This certificate isn’t “trusted” by clients trying to connect in so they warn you on connection attempts. You can eliminate this problem and potential support call by purchasing a SSL certificate from a reputable…

Read More Read More