FortiSandbox Flow

Static Scan:
- Rule matched : Suspicious(High/Medium/Low) -> End
- Rule did not match : Clean -> Goto AV Scan

AV Scan:
- Signature matched : Malicious -> End
- Signature did not match : Clean -> Goto Cloud Query

Cloud Query:
- Hash matched with Suspicious : Suspicious(High/Medium/Low) -> End
- Hash matched with Clean : Clean -> End
- Hash did not match : Clean -> End(if not supporting VM Scan for the file) or Goto VM Scan(if supporting VM Scan for the file)

VM Scan:
- Suspicous behavior was detected  : Suspicious(High/Medium/Low) -> End
- Suspicous behavior was not detected : Clean -> End
- Other : Unknown -> End


저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiSandbox Flow  (0) 2017.08.08
FortiSandbox Clustering Setting  (0) 2017.08.08
FortiSandbox Custom VM  (0) 2017.08.08
Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
FortiSandbox Clustering Setting

Step 1 - Configure the master
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.99/24
set port2-ip 192.168.2.99/24
set port3-ip 192.168.3.99/24
set default-gw 192.168.1.1

2. Configure the device as the master node and its cluster fail-over IP for Port1 with the following commands:
hc-settings -sc -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
hc-settings -si -iport1 -a192.168.1.98/24
See Appendix A - CLI Reference on page 1 for more information about the CLI commands.

3. Review the cluster status with the following command:
hc-status -l
Other ports on the device can be used for file inputs.

Step 2 - Configure the primary slave
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.100/24
set port2-ip 192.168.2.100/24
set port3-ip 192.168.3.100/24
set default-gw 192.168.1.1

2. Configure the device as the primary slave node with the following commands:
hc-settings -s -tP -nPslaveB -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd

3. Review the cluster status with the following command:
hc-status -l

Step 3 - Configure the normal slave
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.101/24
set port2-ip 192.168.2.101/24
set port3-ip 192.168.3.101/24
set default-gw 192.168.1.1

2. Configure the device as a slave node with the following commands:
hc-settings -s -tR -nSlaveC -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd

3. Review the cluster status with the following command:
hc-status -l

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiSandbox Flow  (0) 2017.08.08
FortiSandbox Clustering Setting  (0) 2017.08.08
FortiSandbox Custom VM  (0) 2017.08.08
Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
FortiSandbox Custom VM

아래한글 지원 custom VM 입니다.

http://fsavm.fortinet.net/WIN7X86VM_HWP.pkg.7z 
파일을받아서 FTP 서버에올려놓고아래처럼 fw-upgrade 로올려야합니다.
>fw-upgrade -l -v -tftp -s192.168.200.100 -uadmin -padmin -f/VM/WIN7X86VM_HWP.pkg.7z

기본 패키지 업로드
>fw-upgrade -l -v -tftp -sfsavm.fortinet.net -uanonymous -f/general/image/2.0.0/2015022118_vm.pkg.7z

ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z


커스텀 패키지 업로드
> vm-customized -cn -tftp -s10.10.11.111 -uadmin -padmin1 -f/V5Win7EntSP1x64.vdi -oWindows7_64 -vCustHWP7

> vm-customized -cn -tftp -s192.168.234.223 -unicstech -pnics00 -f/V5Win7ProSP1x86/V5Win7ProSP1x86.vdi -k344ADE788168B08581349D71C8299AFA -voWindows7 -vnCustHWP

메타 파일 업로드
> vm-customized -cf -tftp -s10.10.11.111 -uadmin -padmin1 -f/metafile.txt -vCustWin7-32
--2016-09-29 17:33:09--  ftp://10.10.11.111/metafile.txt
=> '/drive0/tmp/customizedvm.meta.tmp'
Connecting to 10.10.11.111:21... connected.
Logging in as admin ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD not needed.
==> SIZE metafile.txt ... 108
==> PASV ... done. ==> RETR metafile.txt ... done.
Length: 108 (unauthoritative)

metafile.txt 100%[=============================================================================>] 108 --.-KB/s in 0.002s  

2016-09-29 17:33:09 (43.7 KB/s) - '/drive0/tmp/customizedvm.meta.tmp' saved [108]



메타파일
파일명 : metafile.txt
HWP NEO Viewer
Visual C++ Redistributor 2013
.NET Framework 4.0
Adobe Flash Player 22.0
Alzip 10.5

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiSandbox Flow  (0) 2017.08.08
FortiSandbox Clustering Setting  (0) 2017.08.08
FortiSandbox Custom VM  (0) 2017.08.08
Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28


Fortinet euc-kr 한글 지원 설정

CLI>
config system appearance
set fallback-charset EUC-KR
end

Spam Score 96 설정

CLI>
config antispam deepheader-analysis
set confiddence 96.000000
set greyscale-level 7
end

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiSandbox Clustering Setting  (0) 2017.08.08
FortiSandbox Custom VM  (0) 2017.08.08
Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28

## Dynamic source NAT without changing the source port (one-to-one source NAT)

# Problem


Some protocols or services will only function if they use a specific source port, or a source port that does not change. Normally source NAT changes the source port to allow multiple simultaneous sessions. 

# Solution

You can select the fixed port option to restrict the FortiGate unit to not translate the source port. This results in a one-to-one NAT configuration. One-to-one NAT limits the number of simultaneous sessions that are supported because one variable for tracking sessions (the source port number) is no longer available. To allow more sessions, one-to-one NAT is normally used with multiple external IPs added to an IP pool. 

In this example, you enable one-to-one NAT by enabling the fixed port option in a security policy and adding an IP pool containing three IP addresses: 172.20.120.[13-15]. The fixed port option is enabled from the CLI so this entire example is configured from the CLI.

1 Enter the following command to add the IP pool:

config firewall ippool

edit Dynamic-Source

set startip 172.20.120.13

set endip 172.20.120.15

end

2 Enter the following command to add a security policy that allows users on the private network to access the Internet.

config firewall policy

edit 0

set srcintf internal

set srcaddr all

set dstintf wan1

set dstaddr all

set schedule always

set service ANY

set action accept

set nat enable

set fixedport enable

set ippool enable

set poolname Dynamic-Source

end

If you edit this policy from the web‑based manager, you will notice that the Fixed Port option is visible and is selected.

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiSandbox Custom VM  (0) 2017.08.08
Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28

Self Serve Spam
http://www.maysoft.com/selfservespam.nsf/dl

Type of Spam
https://www.securelist.com/en/threats/spam?chapter=88

Sample Spam Email
http://www.kevingunn.com/spam.htm

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Fortinet euc-kr 한글 지원 설정  (0) 2015.12.28
Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28
FortiGate diagnose CLI  (0) 2015.12.28

Fortigate SIP ALG / Fortinet SIP ALG

FortiOS has two features that can modify the SIP headers and SDP parameters. The first feature is called the “SIP Session Helper”. If you are experiencing one way audio issues disable this feature first, reboot your IP phone then try making another call. If disabling the session helper does not work, disable the SIP ALG as well.

To disable the sip session helper:

1 Enter the following command to find the sip session helper entry in the session-helper list:

show system session-helper

edit 10
set name sip
set port 5060
set protocol 17

2 Enter the following command to delete session-helper list entry number 10 to disable the sip session helper:

config system session-helper
delete 10

To disable the SIP ALG:

There are typically two VOIP profiles on a factory shipped Fortinet firewall. You may need to disable both profiles to fully stop the ALG.

config voip profile
edit VoIP_Pro_2
config sip
set status disable
end
end

See the Fortigate Technical documentation page for further details.

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Fortigate Port Restricted  (0) 2015.12.28
Spam test  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28
FortiGate diagnose CLI  (0) 2015.12.28
FortiGate FGSP  (0) 2015.12.28

FortiAP Configuration

To enable the FortiAP using Zero Configuration:
1. After connecting the FortiAP unit as described in the previous chapter, the unit goes through its boot procedure and requests an IP address from the DHCP server.
2. If the IP address is retrieved successfully, the FortiAP enters discovery mode to locate a FortiGate or FortiWifi wireless controller. The discovery modes are:
• Broadcast
• Multicast
• DHCP option 138
3. Verify that the FortiAP has successfully connected to the controller.
In the FortiGate Web-based Manager, go to WiFi Controller > Managed Access Points > Managed FortiAP. A successfully discovered unit displays an orange circle with a question mark.
4. Select the access point and click Edit.
5. In the State field, select Authorize.
6. In the AP Profile field, select Change, then select a profile from the list and click OK.
The configuration is downloaded from the wireless controller to the FortiAP and the WiFi LED lights up.
To enable the FortiAP with a static IP address:
1. Connect the FortiAP device to a separate private switch or hub, or directly connect it to your management computer via a cross-over cable.
2. Configure the management computer to be on the same subnet as the internal interface of the FortiAP unit:
a. Browse to the Network and Sharing Center > Change Adapter Settings > Local Area Connection Properties > Internet Protocol Version 4 (TCP/IPv4) Properties.
b. Change the IP address of the management computer to 192.168.1.3 and the netmask to 255.255.255.0.
3. Use a Telnet apllication to connect to IP address 192.168.1.2.
4. Type admin in the Name field, leave the Password field blank, and press Enter.
5. Configure a static IP address for the FortiAP unit and netmask & gateway information for your network, using the following commands:
cfg -a ADDR_MODE=STATIC
cfg –a AP_IPADDR=xxx.xxx.xxx.xx
cfg –a AP_NETMASK=255.255.255.0
cfg –a IPGW=yyy.yyy.yyy.yyy
cfg –a AC_IPADDR_1=zzz.zzz.zzz.zzz
where xxx is the IP address of the FortiAP unit, yyy is the Gateway IP address and zzz is the IP address of the FortiGate Wireless Controller.
6. Save the configuration by typing the following command:
cfg –c
7. Unplug the FortiAP unit and plug it back in order for the configuration to take effect.
8. Move the FortiAP to the intended deployment location and connect the Ethernet cable as described in the Connecting Your FortiAP Unit section.
9. Log in to the FortiGate controller Web-based Manager, and go to WiFi Controller > Managed Access Points > Managed FortiAP. A successfully discovered unit displays an orange circle with a question mark in the Status column.
10. Select the access point and click Edit.
11. In the State field, select Authorize.
12. In the Edit FortiAP dialog box, select Enable Wireless Radio. Leave the remaining settings at their default values. The configuration is downloaded from the FortiGate unit to the FortiAP device.
For more information, see the Deploying Wireless Networks Guide, available on Fortinet’s technical documentation website, http://docs.fortinet.com.

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Spam test  (0) 2015.12.28
Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28
FortiGate diagnose CLI  (0) 2015.12.28
FortiGate FGSP  (0) 2015.12.28
FortiAnalyzer 점검 CLI  (0) 2015.12.28

diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter add 10.10.20.30
diagnose debug flow trace start 100


fg60cxadsl # diagnose sys session filter src 192.168.1.110
fg60cxadsl # diagnose sys session filter dport 80


Next it's time to clear the session by issuing thesession clear command as follows:

fg60cxadsl # diagnose sys session clear
Step 3: Sniffer trace

Take a sniffer trace as per the following examples when running a constant ping (or TCP connection) from PC1 to PC2.
This will answer the following questions:
- Is traffic arriving to the FortiGate and does it arrive on the expected port?- Is the ARP resolution correct for the targeted next-hop?- Is the traffic exiting the FortiGate to the destination?- Is the traffic sent back to the source?

FGT# diagnose sniffer packet any "host <PC1> or host <PC2>" 4

or

FGT# diagnose sniffer packet any "(host <PC1> or host <PC2>) and icmp" 4


Including the ARP protocol in the filter may be useful to troubleshoot a failure in the ARP resolution (for instance PC2 may be down and not responding to the FortiGate ARP requests)

FGT# diagnose sniffer packet any "host <PC1> or host <PC2> or arp" 4


To stop the sniffer, type CTRL+C.

Step 4: Debug flow

Traffic should come in and leave the FortiGate. If not, proceed with a debug flow as follows:

diag debug enable
diag debug flow filter add <PC1>    or    diag debug flow filter add <PC2>
diag debug flow show console enable
diag debug flow trace start 100          <== this will display 100 packets for this flow
diag debug enable


To stop all other debug, type "diag debug flow trace stop".

Step 5: Session list

diag sys session filter src PC1
diag sys session list 

or 

diag sys session filter dst PC1
diag sys session list 

To clear all sessions corresponding to a filter:

diag sys session filter dst PC1
diag sys session clear

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

Fortigate SIP ALG / Fortinet SIP ALG  (0) 2015.12.28
FortiAP Configuration  (0) 2015.12.28
FortiGate diagnose CLI  (0) 2015.12.28
FortiGate FGSP  (0) 2015.12.28
FortiAnalyzer 점검 CLI  (0) 2015.12.28
fortigate File reached uncompressed size limit  (0) 2015.12.28

1. VDOM enable
conf sys global
set vdom-admin enable
end

2. Create VDOM
conf vdom
edit test

3. VDOM mode setting
TP
conf vdom
edit test
conf sys setting
set opmode transparent
set manageip 10.10.10.1/32
end
end

4. Management Port setting
conf sys interface
edit mgmt
set vdom root
set ip 10.10.10.1/24
next
edit port1
set vdom test
next
edit port2
set vdom test
next
edit port4
set ip 192.168.12.1/24
set allowaccess ping https ssh snmp telnet
next
end

5. Sessins-sync setting
conf system session-sync
edit 1
set peerip 192.168.12.2
set syncvd test
next
end

6. HA setting
conf sys ha
set hbdev port3 100
set session-sync-dev port4
set hb-interval 4
set hb-lost-threshold 12
set ha-uptime-diff-margin 1
set session-pickup enable
set session-pickup-connectionless enable
set session-pickup-expectation enable
set session-pickup-nat enable
set standalone-config-sync enable
set override disable
end

저작자 표시 비영리 변경 금지
신고

'업무이야기 > Fortinet' 카테고리의 다른 글

FortiAP Configuration  (0) 2015.12.28
FortiGate diagnose CLI  (0) 2015.12.28
FortiGate FGSP  (0) 2015.12.28
FortiAnalyzer 점검 CLI  (0) 2015.12.28
fortigate File reached uncompressed size limit  (0) 2015.12.28
FortiGate 점점 CLI  (0) 2015.12.28