Видео

Subscribed - great video

Hey buddy! May I ask, using SSO with deep packet inspection configured, can I still exclude certain category of websites like finance without any problem?

Great video and explanation of this topic. I'm just getting started with Fortigate and looking forward to more of your videos. Thank You

Good video. I just bought my fortigate and thought it was protecting me but it wasn't.

Excellent! Thank you for these videos.

Golden! Thank you 😊

Thanks dude

Hello, I would like to ask three questions 1. Is there an architecture diagram of this video, including all IP addresses? 2. Is there any pre-configuration that needs to be completed at the beginning of this video, such as IPSEC VPN SDWAN, and then set up after the VPN is established? 3. Regarding FAZ IP, I don’t know much about it here. Are the FAZ IPs of HUB and SPOKE the same? If so, do all the points need to be connected to the same FAZ in the front end?

What event did you use at 2:55 to detect WAN1 sdwan is down or up? SDWAN status warning? or?

Thank you for the video. I do have a question: Why in the case of internal traffic leaving to internet we need to apply even the IPS Signatures and Filters ? Is it just enough to enable Block Malicious URLs and Outgoing Connections to Botnet Sites ? so you can save memory and cpu ?

Hey, I know Dave!

Forgive me, I am pretty new to Fortinet equipment and still learning. What benefit would there be to use this if I were to use FortiManager in an enterprise? Would this work the same as a ADOM in FortiManager which shares a policy and object database with devices in the same ADOM? Great video and fantastic explanation! Thank you!

Thanks for this!

Very helpful video, nice and clear, thanks.

Commendable attitude on sharing your knowledge my brother, but i got a question that is bothering me and acctually made me stuck with the firewall study. I got an Fortigate 7.4 running in VMWare, and there is a LAN segment where i put the VMs i'm using as a lab, and even with he Fortinet_CA_SSL.cer installed on both OS and browser, i still got the same error, and it does not allow me to "Accept the risk and continue". I've litterally have done only this, created a permissive policy and added the SSL inspection, as soon as i turn off the inspection, it turns back to work propperly. THE ERROR "Firefox detected a potential security threat and did not continue to www.google.com because this website requires a secure connection." Thank you for your content, hope you see my comment, peace for you my man.

Great video!

Good video! In my case when i enable the proxy arp, there's no need to configure a policy because allows all traffic automaticaly. I don't want to allow all the traffic, but when i create the policy it still allows all, any suggestions?

Like the video but increase the font size on the cli

Can I set up security fabric without FortiAnalyzer?

unfortunately many countries like china use DPI in order to filter the internet

Can you please help me with setup ZTNA + NPS extension (AZURE) to provide the MFA when HTTPS and TCP forwarding ZTNA?

Thank you!

Awesome work! Keep it going!

I'm really happy this feature got carved out of the DLP feature

Very helpful examples!

Hopefully we get to enjoy Web Filtering for a while longer before Encrypted SNI grows in adoption and will start to require Deep Packet Inspection to work

many organizations don't realize the FortiGate (or any other NGFW) is way less powerful with Deep Packet Inspection, good points Chris.

we're starting to look into FortiFlex too at our MSSP. We're hinging on starting off using it as a flexible pool of points to spin up lab environments in a private cloud environment and "PAYG".

Great video, thanks for sharing. New subscriber

In my experience, customers rarely care about intra-VLAN communication. They should be caring though. Enabling this FortiGate/FortiSwitch-feature brings the neccesary extra visibility and enforcement controls like you showed us. Good video Chris!

Good find! Was it the following article you stumbled upon? belegdal.wordpress.com/2019/03/11/serial-access-to-fortiswitch-108d-via-netcat/

While being aware of the CTAP program, I haven't used it. Maybe I should have. Thanks for showing us how the process looks, very interesting!

When I initially encountered FortiDeceptor as a new product, I was quick to label it a honeypot. Since it came out, it has definitely proven itself way more capable than just a honeypot.

having this kind of device posture / compliance checking for network-level access to a network resource is killer and I bet we'll see a steep rise in the adoption of technologies like these moving forward

I've had the pleasure of meeting Vincent during an Xperts event in the Benelux on FortiPAM, very smart guy and loved listening to his presentation.

UDP support for ZTNA (TFAP? UFAP?) along with pre-logon connectivity would be game changers

wondering if Fortinet is using their own "Endpoint Vulnerability" signatures for this scanning or a third party engine, and if Fortinet will ever (re)publish a network-based vulnerability scanner for self hosting.. :)

these screens are huge!

Looking forward to the existing and future content!

hey bro, thanks for these

What are the requiremnts so that one will be working FORTINET TAC support

How do you get access to this

One thing I've learned after years of managing FortiGates is to never use the VPN wizard. Always build custom tunnels and create your own firewall policies.

Can’t wait because fortinet support drives me crazy

Hyper-V Next? 😃

Great video! Thank you

indeed, a knowledgeable session, loved it!!

Big Thanks for this vid

Awesome Video! The Policy-Package Spoke: If you have a special requirement for one spoke, lets say tcp/1234 to some server in WAN. Would you apply a different policy package to that spoke or just apply that to you default policy package?