Category: Fortinet

Using FortiNDR to Detect Malicious Activity

In last month’s post, I wrote about how to send traffic into FortiNDR to detect malware and malicious activity. Since then, I brainstormed how to pump a lot of malicious traffic through my network and ended up using a mix of FortiTester, AlphaSOC, nmap and malware samples. My goal...

Network Detection and Response

In a past life as a member of a Blue Team providing defensive security, I loved tapping critical points of the network and mirroring that traffic to an IDS, then to our SIEM so that we could detect malicious and anomalous behavior on the network. Naturally I had to...

FortiZTP

In a past blog post, I blogged about the various zero touch and low touch provisioning options when setting up new FortiGates. Since then, Fortinet has released FortiZTP to simplify zero touch provisioning further than what FortiDeploy provided. FortiDeploy used FortiGate Cloud to point FortiGates to FortiManager, but it...

FortiGate BGP and SD-WAN

BGP and SD-WAN are like peanut butter and jelly — just better together. And given that a FortiGate has full-blown BGP routing capabilities in addition to its SD-WAN capabilities, it would make sense to use the two functions to share information with each other when steering traffic. To plagiarize...

FortiManager as FortiGuard Proxy

In a recent proof of concept, we needed to configure FortiManager and the FortiGates to work through a web proxy. We configured FortiManager to act as the FortiGuard proxy (or FortiGuard Distribution Server (FDS) in Fortinet-speak), that way we only had to modify the web proxy to permit FortiManager...

Fortinet SD-WAN Lab Setup (2023 Update)

Last year, I blogged about how I had built an SD-WAN lab for FortiGate and FortiManager demos. I wanted to better illustrate Branch deployments, and in 2023 I rebuilt the lab with more Branch FortiGates. I’ve also upgraded my home lab from FortiOS 7.0 to 7.2, which introduced a...

FortiDeceptor for OT Honeypots

I work with a lot of enterprise manufacturing customers and the common challenge is adequately securing Operational Technology (OT) networks. These SCADA, ICS and PLC devices responsible for building products were never designed with security in mind and are an easy target for attackers. They’re also the lifeblood of...

Fortinet SD-WAN Lab Setup

As a Fortinet Systems Engineer, I will often run SD-WAN proofs of concept for my customers and have a need to create solid configs for these as well. To have this always-on lab, I utilized my VMware ESXi server to run two FortiGate VMs as Hubs and connected two...

FortiGate Zero Touch Provisioning (ZTP) & Low Touch Provisioning

Having joined Fortinet as a Systems Engineer, I’m 6 months in, and one of the coolest ways to deploy a FortiGate firewall is through one of the many Zero Touch Provisioning (ZTP) or low touch provisioning methods. I wanted to highlight each of these here to help you plan your rollout!...