Complete FortiGate Cookbook

The complete FortiGate Cookbook is available for the following versions/formats:

Please note that the complete Cookbook is updated on an on-going basis and may not include the most recent recipes.

  • Eric Orina Mariita

    Hey guys..Am new to Fortinet..Trying to find my way out..I see lost of products where do i begin with.Am a technical engineer with my company which i just registered as a partner and got the authorisation

  • jeff

    Hi guys, Im currently reach my limit with IBM SNA Traffic and Fortigate Firewall. Can Fortigate (eg:60C,300C) establish SNA communication with the main IBM mainframe? I have changed to Transparent Mode but still cannot find the right solution. The client server still cannot communicate with the main server.

    cisco = already enable dlsw feature. if the ibm as400 server connect directly to the router gigabit interface, the SNA is established.

    l3switch = do the routing for the vlan. already isolate this area.

    fortigate = set to NAT and transparent mode, policy ALLtoALL enable, l2fwd/vlanfwd enable at internal/wan2 interface. Result = Pingtest is successful, but the SNA session is not established between branch and heaquarter.

    Your kind help is highly appreciate.

    thanks,
    jeff
    malaysia.

    • bdickie

      I would recommend that you contact Fortinet Support about this issue.
      Follow this link for info.
      http://cookbook.fortinet.com/how-to-work-with-fortinet-support/

      • jeff

        Hi BD, yes i would, but the service contract has just expired. do u have any advice regarding the IBM AS400 deployment ?

        • bdickie

          I don’t have any experience with SNA but from what I can tell FortiGates don’t support SNA. They support TCP, IP, UDP, SCTPO, ICMP etc. but not SNA. It looks like it is possible to set up SNA over TCP, perhaps that would be a solution.

          • jeff

            A quick look, the SNA session is running fine if the AS400 server and the ISP router connected to the bridged port of the fortigate unit. What I am trying to do now is to move the ISP router connection to port WAN1 or WAN2 at the FG unit. I did, but it achieves nothing. ** This is ISP migration project **

            BTW thanks sir. I’ll figure out something tomorrow. Please pray for me.

          • bdickie

            Good luck, I am sorry we couldn’t help.

          • jeff

            Hi Sir,
            We changed to transparent mode. The SNA traffic able to pass and the session is UP. But after quite a few minutes, internal network face intermittent issue. Any advice?

          • bdickie

            Hello, I did get one bit of information I can relay to you, but otherwise we can’t continue to provide support with this issue. It was recommended that you enable DLSw on the L3SW and not on the Cisco router and put the FortiGate back into NAT/Route mode.

          • jeff

            Hi Sir,
            Yeah, that sounds great. I shall give it a try and will let u know.
            Thanks 🙂

          • jeff

            how about creating a gre tunnel between the FG itself ?

  • jeff

    Hi guys, Im currently reach my limit with IBM SNA Traffic and Fortigate Firewall. Can Fortigate (eg:60C,300C) establish SNA communication with the main IBM mainframe? I have changed to Transparent Mode but still cannot find the right solution. The client server still cannot communicate with the main server. Your kind help is highly appreciate.

    thanks,
    jeff
    malaysia.

  • adam muhammed

    Can any friend describe me how can I configure port forwarding in My Fortigate30D ? I don’t know how to do this. My supporting Micro ATM team need to open one port (eg. 7009) ,configured in their interface installed in one system which is in a LAN. They asked me to type in “cmd” like “public static IP space port no” . Then they said . the interface will get connected. For the last and current weeks I was trying for that. but could’t. Please help me…. thank you

  • adam muhammed

    I am unable to open a port in my desktop connected with lan and fotegate30D

    • Victoria Martin

      Hello Adam,

      I’m not quite sure what you mean when you say “open a port.” Could you describe the issue?

  • Prashanth.S. Kannur

    i was not able to create virtual wan link under interface create new interface. i wasnot able to see Virtual wan interface under interface>create new

    • Victoria Martin

      Hello Prashanth,

      What version of FortiOS are you using? There were several changes made to how virtual wan links are used in recent releases. In particular, there was a change made in FortiOS 5.2.1 that added a new menu for these interfaces, which can be found at System > Network > WAN Link Load Balancing. For more information, check out this recipe: http://cookbook.fortinet.com/redundant-internet-connections/

      Hope that helps!