Sounds like you have just been through a rough day. Cheer up Mike, we do like your videos. 😉
@JC-dx3fy a month ago
Thank you! You have been my main goto for Fortigate issues!
@RaviChinasamy 3 years ago
Great to see that you are back at last. 😊
@JoeyGarcia 3 years ago
I have a pair of 500D and 300D FortiGate firewalls. Each pair is in HA. Definitely nice to have in the enterprise! I'm planning on introducing a pair of 1024D's and hopefully utilize MC-LAG
@Darkk6969 2 years ago
I have a pair of 601E at data center and corporate office. Both using HA setup. Although I am not using two Fortinet switches as HA. They're configured with a group of 4 ports VLANs to handle the WAN, LAN, VOIP and DMZ. It's not ideal but it makes moving the physical cables from one switch to another easy if one should die. I also have a third switch as a cold spare in the rack. I did the same thing with the WatchGuards before we moved to Fortinet products. Some ISP providers will give you two WAN drops for your HA setup. I agree on using active and passive in the HA cluster so you don't get into a pinch about performance if you need to do maintenance or one should die. One thing I did like about WatchGuard's license policy for active / passive setup is that you only need live security on both devices. IPS and other licensed services are only required on the active device.
@thewaterboy2013 3 years ago
Thanks for this, Mike! Been very curious about the process for this for some time, but haven't had two Fortis to do this with or had anyone to watch do this.
@thewaterboy2013 2 years ago
@MBNHub I hadn't looked into the VMs for Forti, can you do them for free/evaluation for a lab setup?
@JayZx777 2 months ago
I know I am late to the party, but I am doing the Fortigate implementation with the Cisco world (C9200 and C9300 L3). My Ciscos are set in HSRP and running inter-VLAN routing, hence the interfaces on the Fortis are set up as /30 and I run RIP on the Fortis, and EIGRP on the rest of the Cisco environment, then redistribute RIP to EIGRP LOL hahaha. Maybe it is time to ditch EIGRP and go with OSPF, but so far so good. I am not sure if I will ditch the C9200 and C9300s yet for Forti Switches, yet who knows. The future plan is to set up the FortiNAC and test the integration with stuff like Meraki APs and Kanji for MAC auth. Anyhow, thanks for sharing the video, nice and simple!
@DeesoSaeed 2 years ago
Recently configured two Fortigates 200F in HA and two Fortiswitch 524D as core with MCLAG ICL, then a bunch of 148Fs hanging from the latter for edge switching
@ivarutne6228 2 years ago
I love Fortigate because it is extremely simple and extremely clear (best GUI) vs Palo Alto, SRX and so on. The team from Fortinet does good work.
@drostoker 3 years ago
Missed your videos. Looking forward to more in the near future.
@ottawa29m 2 years ago
1 - What options should we enable on the CLI to have a smooth failover? 2 - Can you do a video on using a firewall as layer 2, and maybe touch on how this works in a cluster?
@databeestje 2 years ago
You can reset the HA timer, that will make it do a seamless failover.
@balla2172 2 years ago
Gave you credit with Corporate Armor for the whole new network I just bought. I'd love to get another 601 so I could do HA but the budget just isn't there unfortunately
@portalend 2 years ago
Could you do a video on transitioning from static routing to dynamic routing like OSPF? I'm sure lots of people start out on entirely static routes then reach a scale where it becomes a pain to manage. I'm interested in the specifics on how the static routing will interact with the dynamic routes during the transition. Asking for a friend. 😉
@vanmax825928 days ago
I like your video. Thanks man
@JasonsLabVideos 3 years ago
Wicked video Mike, I did an HA setup too with my 61E's & a pair of Cisco 24 port switches :) Keep these videos coming!
@lazzybug007 9 months ago
Well it all looks easy for you... I never did an IRL setup so far.. hope I will be successful 🤞.. being a fresher in this field without any support.. it feels so difficult 😭
@dergarmark7189 2 years ago
Good video! Could you please make a video of a deep dive into the HA options such as monitoring ports and manual failover and failback? Maybe you could show HA status in the CLI too. You could show how a firmware update works with HA.
@mrStarcKbe 2 years ago
Sometimes it happens that your cluster isn't in sync through the GUI. The following command through the CLI can help you with that check: "diag sys ha checksum cluster". This way you are certain that the cluster is OK. You can set up more HB interfaces and perhaps a dedicated one for the TCP sessions to fail over. Then you have that group ID which I highly recommend to change if the customer has multiple Fortigate clusters. Lastly the commands "set override enable" and "set override-wait-time 300" so the cluster will automatically fall back to the primary device after a failover. Not going into details like changing the ether packets. 👍
@adipapaianus5723 2 years ago
@@mrStarcKbe You are 110% right! Every HA cluster should have "set group-id XY" configured. I had a situation in the past where WAN1 was constantly flapping due to another Fortigate HA cluster on the WAN subnet! It was like crazy! Once I configured group-id the pain went away and HA is running rock solid for the past 3 years on 6.2.x release.
@quikmcw 2 years ago
Would like to make a request: Can you do a video setting up two APs as a bridge, connecting two FSW together with FortiLink and multiple VLAN operation? This configuration is stumping the Fortinet engineers!
@Stingray7423 2 years ago
Great as always!
@ashrafhelal9354 2 years ago
Thanks for doing those videos, they are very good. I have a question about "port channel": can we create a port channel with two cables between the FortiGate1, one cable going to the Fortiswitch1 and the other to fortiSwitch2, doing the same with FortiGate2?
@oralmolden1158 2 years ago
A while back I added MCLAG and you mentioned it, any plans to make a video on that? Also have a NAC deployment and was wondering if you had plans to make a video for pointers, maybe I missed something, maybe I missed a lot.
@titangaming9649 2 months ago
How do you wire the WAN ports on them? WAN1 and WAN 2 on both firewalls. If you only have one WAN drop from the ISP how does this work?
@jamesmyers777 2 years ago
Would have been good to discuss session pickup more, what types of sessions can and can't be failed over and other ideas like that. I would also like to know more about active active, any chance of another HA video mate?
@boyd8871 8 months ago
Hello, can you explain more why the FortiGate is degraded when primary/slave failed in active-active setup?
@PabloMartinez-ds3og a year ago
Excellent, thank you :)
@RichardDePas 3 years ago
Set this up about 6 months ago with 101F FortiGates and 124F FortiSwitches. Opted for the FortiLink Split interfaces. Probably more of a pain than I needed to go through. Had one switch drop offline and needed a hard reboot to get it going again. Never did find the root cause.
@FortinetGuru 3 years ago
Yeah, I've had that happen as well.
@RichardDePas 3 years ago
@@FortinetGuru Any clue why it happened? Or is that a bug in 7.0 code?
@serlegar 3 years ago
That MAC address story reminds me of that day when I installed a Fortigate cluster in a data center where another client already had another Fortigate cluster. We were both connected to the same datacenter internet provider switch and obviously spoofing the same MAC address...
@FortinetGuru 3 years ago
Yeah. The key around that is to change the HA group ID to a different number.
@mrStarcKbe 2 years ago
@@FortinetGuru true
@adipapaianus5723 2 years ago
same story here ... always set group-id for an HA cluster.
@terrykilpatrick5799 2 years ago
I find your content very helpful, the only thing that would help is if you could speak a bit more loudly or add a bit more volume to the audio, for sometimes it's difficult to understand clearly what you are saying. Thanks and keep them coming.👍
@gobofraggel7383 2 years ago
The only firewall I know is Sophos XG and now XGS. I configured HA for a client that is a 24/7 company with 7 warehouses and it was easy and it worked as expected. I have always been intrigued by FortiGate. Which is better?
@salvadorseekatzrisquez2947 2 years ago
My experience is that HA makes the maintenance window longer because of the delay: after one reboots we need to wait for them to sync again. Depending on the customer, some connections to the Internet will break during HA, so for some customers it's more outages than less. I am not advocating against redundancy, it's def. nice to have. But a single reboot for upgrade. Maybe Fortinet could improve the way they upgrade. Also I noticed this on Active/Passive. Active/Active is not really a fact, I have tried to work with Fortinet Support and they have said that it doesn't really work to avoid outages.
@mrStarcKbe 2 years ago
True on the A-A part, but not completely true on the HA part. You can set it to override disable so it won't switch back to the primary unit. This way you can initiate it yourself. The first failover will always be faster than a single unit. 👍
@billwoodall562 2 years ago
Good video, I do have a question. Can you HA an existing firewall? I have a 201F and bought a backup unit.
@FortinetGuru 2 years ago
Sure can
@billwoodall562 2 years ago
@@FortinetGuru I am assuming the same process, just make the primary firewall the master first?
@ian230187 2 years ago
Hey... have a doubt here... Did you get a chance to check the CAM of the LAN switch where the secondary ports are connected? They do not populate the physical MAC address of the Fortigate NIC... wanted to understand the concept
@MladenMarinov 2 years ago
Hi, I like your lectures. Unfortunately I have a problem you did not review - passing the multicast traffic from the provider to STB. Can I contact you to guide me about this?
@dmitriykott769 2 years ago
Hello, please make a review about the new version FortiOS 7.2!
@zSnowFlakesTV 2 years ago
Guru, I'm having a really hard time finding a way to build a whitelist in FortiOS 7.0.2, could you make a video talking about white and blacklist rules? How to build it properly? I've been researching reddit and the Forti cookbook but I just can't figure out what I'm doing wrong. Love your videos, I learned a lot from you, keep it up!!
@pavelbrusnicky2723 2 years ago
How about a Fortigate vs multiple switches session? Thanks.
@hennessy6996 2 years ago
Hi, do you usually do Central NAT? Is your preference Flow-based inspection?
@FortinetGuru 2 years ago
The majority of my firewalls are done with UTM Profile mode and standard NAT. I have started doing more and more with NGFW Policy mode and Central NAT (especially conversions from PAN devices)
@rosatechnocrat 2 years ago
From a working mode or faster traffic perspective, Flow mode is better, but in flow mode some of the features are not allowed, as in flow mode the connection is not terminated on the Fortigate. But if you want deep inspection then Proxy mode is better.
@dgilvani 2 years ago
Tight! Tight!! TY
@Firecross666 2 years ago
Do you have any interest or experience in configuring FortiWeb?
@askmethod 5 months ago
13:03 where did you bring the floating IP from?
@ashrafhelal9354 2 years ago
13:03 I was wondering, if there isn't a DHCP, how are they going to get a new management IP? And can we do it through the CLI?
@allferryrocha2698 2 years ago
Hey Mike, good time for you to make a video on how to block Log4J on Fortigate FW.
@mrStarcKbe 2 years ago
Use IPS signatures and use them as they should be used, on "severity" level. So use the IPS filter to block medium, high and critical severity levels. Put them on ALL policies! Also on internal ones so a breached client can't use that a signature (medium, high or critical). For traffic coming from the internet use that same IPS filter. And for servers where you can use SSL Server protection put that on too so you can inspect https traffic too.
@salvadorseekatzrisquez2947 2 years ago
I like the sound of your keyboard and mouse, what do you use?
@salvadorseekatzrisquez2947 2 years ago
8:30
@knithiyanandhan 2 years ago
Need help: I need to allow port 3306 from outside the company for one particular IP address?
@shanegreentree7851 a year ago
Hi. I am looking at buying two 60Fs, can I use a UniFi switch to set up HA?
@FortinetGuru a year ago
You can.
@IxTapewormxI 2 years ago
Hope you're doing alright Chuck, it's been a few months. Can you show us how to configure a FortiSwitch 224E in standalone mode? I've been having issues getting mine to work correctly with the management VLAN.
@FortinetGuru 2 years ago
I am alive, but in the famous words of Big Hero 6.... I am not fast.... haha
@renhe108 2 years ago
Do you consider setting a monitor port in HA settings? If the port goes down, the failover will happen right away.
@FortinetGuru 2 years ago
That is correct. You would configure monitoring of the port for physical outages. Link monitors will assist if the upstream link is "green" but not passing traffic.
@dirkmare6445 2 years ago
Hi Mike, new to Fortigate FW. I recently watched your video about firmware upgrades and your three rules. I would really like to use video content filtering but it's only included in V7 and not V6.4.6. So I guess my question is, for a new out of the box setup, is it safe/advisable to upgrade to newer firmwares, and when do you bite the bullet to do upgrades in production? EXAMPLE: GA minus 2 versions. Thanks
@rikerud 2 years ago
What equipment are you running yourself these days?
@FortinetGuru 2 years ago
Still cruising on an 80E-POE at the house
@rikerud 2 years ago
@@FortinetGuru Using Forti APs with it as well?
@cankitchourasia 3 years ago
I see you did not select the "Monitor Interface" option under HA. Curious to know how the FWs will detect a failover scenario.
@FortinetGuru 3 years ago
Once this FortiGate cluster is installed on location I will pick the monitored interfaces based on need. 99% chance I will use the FortiLink aggregate and the wan1 port.
@amro_hadi 2 years ago
Hey, Fortinet Guru, do you have any videos for VDOMs?
@rosatechnocrat 2 years ago
What kind of videos do you need for VDOMs?
@amro_hadi 2 years ago
@@rosatechnocrat What VDOMs are, for a start, what the use cases are when VDOMs can be useful, and how the traffic flows in VDOMs.
@abdomordy6935 a year ago
How can I deploy Fortigate FW HA active-active on AWS in a multi-AZ environment with autoscaling?
@FortinetGuru a year ago
Hmmm, good question.
@gastonsalazar5052 3 years ago
thanks Genius!!!
@DhammikaNirodha 2 years ago
Great
@mohamedabdullahi3665 a year ago
Thanks, legend
@headdstrong983 3 years ago
Hello from Russia. BTW, recently I configured a Fortigate 200 with HA mode in production.
@MuhammadWaqas-fq3yg 2 years ago
Can we test the HA Cluster on EVE-NG? Did anyone try it?
@uneeds2122 3 years ago
Hello Fortinet Guru, just one question please. I have a Fortigate on which I made a web filter, but some users use a VPN to pass through the web filter. How can I fix this, what is the method to solve this? Thank you
@FortinetGuru 3 years ago
Block VPN access at the application level.
@rodneyaltamera4057 3 years ago
Hi Fortinet Guru, I have a question. I have a setup that is in HA Cluster (Active-Active). The problem is when I update the firmware both firewalls will lose connection and restart. I was expecting that the Primary will be updated first, then the backup will be next. Can you give me any advice on what I am doing wrong? Thanks
@mrStarcKbe 2 years ago
Normally you log in on the primary device so the upgrade command is sent to the primary device. Then it checks the checksum and if it's good it will send the update to the secondary device. It then will start updating. In an active/active the load balancing is turned off so all traffic will be routed towards the primary device.
@frankperera3885 2 years ago
Can someone explain how to do the process mentioned at 12:40?
@thebocop a year ago
Confused on how you have this hooked up to the switches...
@FortinetGuru a year ago
In what way? A of each FortiGate goes to each switch and B of each FortiGate does the same. Split link on the FortiLink makes it full mesh. Other options are A of each FortiGate to switch 1 and B of each FortiGate to switch 2 with split-fortilink off.
@thebocop a year ago
@@FortinetGuru I found out I had to delete a few interfaces to make them available for the HA ports on the 60F (4 and 5).
@xephael3485 2 years ago
1:35 Fortigates use HSRP? Don't use Cisco trash... VRRP, etc.
@ITS-yk5ky 5 months ago
The part about the device priority is wrong. The lower the number, the higher the priority.
@FortinetGuru 5 months ago
No. In HA higher priority wins. In routing, lower priority wins.
@raphaelfigueredo5524 a year ago
god of Fortinet
@IsmailNuzaifKokky 3 years ago
.
@khalil4826 2 years ago
bla bla bla ...
@waqaskhan-cx5dx 2 years ago
I have two FortiGate 201F firewalls and want to configure cluster HA. And also have two WAN connections. I need a little help with that. Can you please share your email address so we can discuss it, sir.