Figure out what Applications are going across your network and GET CONTROL of your security!
@ricardos.l.41634 жыл бұрын
Subtítulos xD.
@cjlabbe Жыл бұрын
Seeing System -> Settings -> NGFW mode was very helpful. Thanks!
@VijayaBaskarvvk3 жыл бұрын
Just watched once.. getting addicted..and subscribed... You deserve it...
@carlossanchez37393 жыл бұрын
I am about to start a new job as a Cybersecurity Analyst and now i know if will be managing many fortigate. I have never touched one before but viewing your videos has given me a relief. Thank you Mike.
@Jlousauvage2 жыл бұрын
Thank you for making the first completely understandable tutorial I've seen about the fortigate. Cheers.
@youngcchung81764 жыл бұрын
You are a great teacher. Thank you.
@fredmarshall87352 жыл бұрын
Mike, you've been helping me a lot! Thanks. Now I'm putting an 80F 6.4.10 into service. The idea is to use Policy-Based and to do fairly heavy Application-Based blocking. A couple of issues for me: - I don't know what applications are in use so I have to figure that out by capturing them. - As you've suggested, I have logging set up but don't know what to look for to see just application accesses. Then, I'd pick the commonly-used production apps to Allow. That's sort of a "white list" approach and I'm a bit leery of doing that as there will no doubt be a long learning curve
@mauriciojosealmontebatista22843 жыл бұрын
Thanks for sharing this content, I'm subscribed and hit the notification button, Good stuff man keep it up, im 100% focused on Fortinet and PALO for now, i think they are super good.
@theywillcome8433 жыл бұрын
Thank you for your very instructive videos.
@RaviChinasamy4 жыл бұрын
Awesome and straight to the point Video! Keep those coming, mike! :)
@anilbeharry4 жыл бұрын
Thank you for another good production.
@FortinetGuru4 жыл бұрын
Thank you!
@roflolo4 жыл бұрын
Hi Mike. Really appreciate your work (and your wit). Would you consider making A to Z Fortinet courses on a platform such as Udemy ? Don't get me wrong, free stuff for the community is so valuable, but I know I would definitely subscribe to a complete and organized course (sections, labs, etc.).
@FortinetGuru4 жыл бұрын
The thought has crossed my mind
@carlossanchez37393 жыл бұрын
@@FortinetGuru you should Mike, you are great!
@andresparraagramont56054 жыл бұрын
Great video Mike, very useful
@zachthatguy73912 жыл бұрын
You're the man!
@watsonjosue31704 жыл бұрын
Great video! which is better to us in an environment, UTM Profile or Policy Profile driven policy? Thank you Mike for great content.
@SantoshSharma4 жыл бұрын
Nice Video, Have u observed when selecting Flow mode or proxy mode in fw policy (New feature from 6.2) the UTM doesnt get change. as Flow mode only support less UTM features like VOIP it doesnt support. Also when u click on creating web-filter for Flow based from Policy then it shows you proxy web-filter.
@tknocan2 жыл бұрын
Great video man, want to know if the same block we can do with the profile-bases and the policy base, so excecutives can have access to youtube and the rest dont.
@hennessy69962 жыл бұрын
Good demo, thanks.
@jefflambert75133 жыл бұрын
Nice, just came across your channel while I was looking for info about having both Tunnel and Bride mode for FortiAP. My WiFi thoruput is slow (currently in tunnel mode), so I'm considering switching over to bridge mode. I have several SSID's and would like to keep them is possible. Glad I stopped to listen, will definitely watch all your other videos... I'm one of those that have spent hours trying to figure things out, as frustrating as it is at times it is a good learning experience. I have a 60F I use for home and work. I do have one question regarding the CATCH-ALL to allow all other traffic out. Wouldn't one want it to deny all other traffic because the other policies are taking care of what you allow out? This is probably a silly question....Thanks for doing the videos..the answer I'm looking for is probably in one of your other videos. Take care and Thanks !!!
@tekatiescholasticateerite1084 Жыл бұрын
Hi Mike. Appreciate your tutorial. Well, do you have a tutorial on configuration bridge lan as a domestic link?. Thank you
@ndloh4 жыл бұрын
For fortigate, I think this is a must feature to know your traffic readable in fortiview, else it is very hard to know where is the traffic in and out with what application in use. From fortiview can see clearly what application is in use and some of the vendors like aws, teamviewer have a lot of IP, so this feature filter all it. And recently I found that the services function also can use base on vendors services, this is awesome and I hope more vendors will be cover by fortigate for example some could base antivirus like Cybereason, Crowdsrtike etc. Great video.
@gcvillamorify2 жыл бұрын
Hi Mike, thanks for sharing your knowledge. DO you have any videos how to block Skype, whatsapp or any other video calling applications but allow the messaging only of those apps?
@crystalku85542 жыл бұрын
Thanks for your demo, May I know how to setup executive youtube in FortiGate 101F?
@pvprakashpv3 жыл бұрын
Great Video. Google Chrome is allowing KZbin traffic even if it blocked. How to fix that
@FortinetGuru3 жыл бұрын
Are you allowing QUIC? It will bypass some threat protections if you are.
@maxysadm4 жыл бұрын
Awesome video.... I'm not able to find the link you mentioned to work on the tweak of the app control BASE.
@ITNerdistan4 жыл бұрын
It is in this video, about half way through kzbin.info/www/bejne/o3SWqamQjKuAqrs
@piratev204 жыл бұрын
Hi Mike , Under Application control , we are having two options " Network Service" and " General Internet" could you please tell me which of them should be allowed and which need to be block . Please share guidelines for the same
@leetanizer2 жыл бұрын
Hi Mike, thanks for your video. I have a question regarding the "Allow and Log DNS Traffic" application control profile option. The only info I managed to find regarding this option is that we should only enable it during investigation. 1/ when the option is enabled which DNS requests will be logged ? all dns requests ? 2/ where can I find the logged DNS requests ? 3/ Disabling this option is supposed to block DNS traffic ? I setup a small lab, and disabling the option didn't lead to block DNS requests . I wasn't able to find the documentation regarding what this option does excatly ... any help would be appriciated :) many thanks,
@saifemran45284 жыл бұрын
Thank you!
@RoshanZakky2 жыл бұрын
hi there nice tutorial after i add the firewall i couldnt download any applications can you please tell me how to do that? im new to fortigate environment please let me know thank you
@massimilianodefalco40672 жыл бұрын
Hi Mike, I have a cuestion about the user. The user "mike" is configured in active directory server? For ex: I have a domain user "max". The FG can identify "max" as domain user? In other words, the FG can identify the user logged in domain PC?
@daphenom4 жыл бұрын
Thank you for this very informative video. Question - for a security policy, if i dont have any app control profile applied to it, does it still identify application traffic? or does it just show up on the logs as a standard firewall port based traffic? I guess what I am asking is, if I want the app to be identified (whether i want it blocked or not), do I always need an app control profile? Thank you in advance.
@FortinetGuru4 жыл бұрын
You need an application sensor applied to the policy passing traffic in order to view the app data. Fortinet does not auto ID like Palo Alto does.
@GoldenBoy40ro3 жыл бұрын
NIce video man, best regads from Mexico, i didt now obut de second way you block youtube, have a nice day
@sidhardha12 жыл бұрын
Sir please uploaded all videos of fortigate firewall
@thom713 жыл бұрын
Hi Mike, I'm trying to figure out how to let the kids get on youtube for 30 minutes a day. I can't seem to get it working. Have you done timers with it yet?
@FortinetGuru3 жыл бұрын
You could do quotas but that is more on bandwidth. Time wise I suppose you could do a policy with a 30 minute schedule assigned to it and let them know they can only get to KZbin from 11-11:30 etc? 😂
@thom713 жыл бұрын
@@FortinetGuru I was trying to use the time based quotas that are in 6.4. The problem is these stinking chromebooks the kids have from school. I may have to open a ticket with Fortinet and try and get it working.
@lenders11644 жыл бұрын
Amazing stuff as always! Qq does NGFW/policy mode also require ssl w deep packet inspection? Thinking of shifting gears over to that style (been in legacy profile-based since forever)
@basavarajhosamani1577 Жыл бұрын
Hey Fortinet Guru, Restricted SaaS access do the video its very help to all.
@3kneeboi Жыл бұрын
How do you apply application and web filters to mobile phones ? These filters are only working on computers.
@bboosss10653 жыл бұрын
is it better to use dns filter to block a website ? what is the advantage of using layer 7 inspection
@sayfarouaia47984 ай бұрын
Difference with "internet services" as destination ?
@din8834 жыл бұрын
great! tnx
@stefpm86533 жыл бұрын
Hello, i have a prept configuration file to upload to a Firewall Fortigate 61F. But i don't now how. Can you provide me some information please?
@ebosac88133 жыл бұрын
Please in the app category can i find STBemu for iptv to allow on fortigate ?
@ahanabhattacharya39942 жыл бұрын
Question: Fortigate has been blocking my spotify how do I resolve it?
@MaxPilloni Жыл бұрын
Hi Mike. I'm struggling a bit with my Infrastructure Specialist role because our consultant IT Manager is also a kind of technician in his company and he's very intrusive with the work I do. Nowadays he's insisting in putting in place super LAN2WAN restrictions going back to L3-4 traditional firewall rules sending to trash all the troubleshooting work I've done to fine-tune applicationcontrol and webfilter based firewall policies. For example he's applying L4 service filters on policies to which application control is already applied. Doing so, if policy is matched when outgoing service is HTTPS, when firewall sees let's say a Microsoft Teams call which is a non-HTTPS connection it shouldn't match the rule and go forward until it matches implicit deny all, right?
@FortinetGuru Жыл бұрын
App control gives you the ability to limit based on applications. Using straight layer 3-4 traditional firewall rules is rudimentary for the use case you are mentioning. Not sure how we can tweak that to meet your managers needs without giving him a lesson or two on NGFWs. Are you running UTM mode or NGFW Mode? If NGFW mode, there is no reason to limit by Layer 3/4 because applications will be taken into consideration anyways. Also, most services run on CDNs now so locking stuff down by IP is a crazy ask.
@MTESKEREDIC2 жыл бұрын
Thx
@cwong593 жыл бұрын
Can we block 3DES in application control? thanks
@jaganorissa4 жыл бұрын
Which mode most of the enterprise prefers policy-based or profile-based ?
@FortinetGuru4 жыл бұрын
Most are running Profile mode. Most dont run policy based on Fortinet devices yet. I'm going to start trying though :P
@bernhardroth80344 жыл бұрын
@@FortinetGuru This is a very good point. From my experience the profile mode is much more stable and evolved than policy mode. Visibility seems to be much better in profile mode as well. There are so many small issues, tweaks and bugs when using policy mode in production. Policy mode may be the future but man, Forti Q&A department needs to hire!
@shanavazks2243 жыл бұрын
can u make video tutorial where we can control or allow all whatsapp call traffic to other Branch fortinet ISP in site to site fortinet scenario and all other internet traffic to stay and go in HQ fortinet ISP
@sidhardha12 жыл бұрын
How to block RDP in fortuner firewall sir
@hotximin60084 жыл бұрын
As per information available in FortiOS-6.2.4-Cookbook.pdf - page 276, All cloud applications require SSL Inspection set to deep-inspection on the firewall policy. For example, Facebook_ File.Download can monitor Facebook download behavior which requires SSL deep-inspection to parse the deep information in the network packets. For cloud apps, this requirement of having SSL Inspection set to deep-inspection in the firewall policy is NOT specified in FortiOS-6.0-Handbook.pdf Q1: Does cloud application control work in v6.0.X, with the default SSL inspection profile, without doing SSL full-inspection (as this requirement isn´t specified in Forti´s official documentation)? Q2: For cloud apps and the default SSL inspection profile, can the main App be controlled in the security policies (i.e. Facebook) but any dependent App (i.e. Facebook chat) cannot be controlled (allowed/blocked/ etc...)? Q3: Why do cloud apps have this requirement for SSL deep-inspection, but other apps do not need SSL deep-inspection enabled?
@ebosac88133 жыл бұрын
Bro can u help me on how to block a portion of youtube and limit it to education only?
@_tube19642 жыл бұрын
how to block psiphone proxy software by fortinet firewall
@jko15012 жыл бұрын
What happened to your hair?
@FortinetGuru2 жыл бұрын
? It changes wildly due to making videos so far apart lol