Skip to main content

Posts

CompTIA Security+ SY0-601

    In November last year (2020) CompTIA released a new version of Security+ course. I had a chance to deliver the training recently and I would like to share with you my thoughts.    Before I dive into details it is good to know the prerequisites and its objectives. There are many security trainings out there and before attending it, you should know, which one is for you.    CompTIA Security+ is entry level training in the cybersecurity domain. There are no strict prerequisites but you are encourage to know topics covered in A+ and Network+. You do not need to attend the course or pass the exam, knowledge and experience are more important. Before planning the exam you should review A+ and Network+ exam objectives:   https://www.comptia.org/training/resources/exam-objectives   The updated version has 21 lessons which cover basics, threats, cryptography, risk assessment,  identity management, network security appliances, secure network protocols, incident response, digital forensics, ph
Recent posts

FortiGate - Guía de resolución de problemas

by Efren Teruel Dominguez     He tenido la suerte y el privilegio de poder trabajar, primero como asesor técnico, y luego como traductor al español, de la obra de un colega y amigo mío: https://lnkd.in/gbkqjTT FortiGate - Guía de resolución de problemas Fortigate, a Troubleshooting Guide es un excelente trabajo de Hubert Wisniewski , aprovechando sus muchos años de experiencia en el sector de la seguridad y la formación. Conté con su confianza para este proyecto, que llevó bastantes horas y muy contento de que esté ya disponible a la venta a través de la plataforma de Amazon. Se aceptan críticas constructivas! :D ---------------------------------------- I have had the privilege and luck of being able to work, first as technical reviewer, and then as translator, for my friend and colleague Hubert's guide: https://lnkd.in/gbkqjTT FortiGate - Guía de resolución de problema Fortigate, a Troubleshooting Guide is an excellent work by Hubert Wisniewski , using his many year

SD-WAN on FortiGate (6.2)

SD-WAN is very hot topic and as you may know the functionality is available on FortiGate platform for free. There are huge differences between versions as new features are added or modified. You need to check documentation for a particular version as sometimes the object names are different. The post is valid for version 6.2.  I already published one post about the same topic but it was for version 5.6. Since then, adding VPN has changed and I would like to show the main differences. As per below diagram, we have 2 sites with 2 FortiGate firewalls: FGT1 and FGT2. There are two servers on the left site: - Linux - 10.0.1.20 (ssh) - Windows - 10.0.1.10 (http) There is a requirement to separate traffic to these two servers, but in case of any service degradation or failures, we can use all available links.   We start by enabling SD-WAN (remember - you can have 1 SD-WAN interface per device/VDOM!):    Click "+Create New" and then select "+VPN":     You do not need to pr

FortiGate – Troubleshooting Guide Quick Reference

After many years of working and teaching FortiGate technology I decided to share my knowledge. I focus on troubleshooting. FortiGate – Troubleshooting Guide Quick Reference presents easy to understand techniques of troubleshooting on FortiGate platform. There are many debug command examples, which explain, how to read and understand the command output. The intention of the book is not to teach you how presented technologies work. I do not explain configuration examples but if you do not feel confident to perform troubleshooting effectively, the book is for you.   https://www.amazon.com/dp/B087F95WFT

FortiGate and GRE tunnel

Recently I worked on one project where a client requested to re-route web traffic to the GRE tunnel to perform traffic inspection. I would like to share with you what is required if you configure it on FortiGate. We need a new GRE interface and policy base routing (PBR) to change the route for specific source IPs. Of course you need firewall policies to permit the traffic. Let's start with GRE interface. Unfortunately you can't configure it using the GUI, only CLI is the option: config system gre-tunnel edit "gre1" set interface "port1" set local-gw 55.55.55.55 set remote-gw 44.44.44.44 next end When the end peer is Cisco router, you need to set the IP for the GRE interface: config system interface edit gre1 set ip 192.168.10.10 255.255.255.255 set remote-ip192.168.10.20 end In next step we need to fix routing. We need the alternate path via GRE but to keep the route in the active routing table you need to set the same AD (adminis