Posts

Fortiguard tshoot

FortiGuard troubleshooting: The FortiGuard service provides updates to Antivirus, Antispam, IPS, Webfiltering, and more. The FortiGuard Distribution System (FDS) involves a number of servers across the world that provide updates to your FortiGate unit. Problems can occur both with the connection to FDS and with its configuration on your local FortiGate unit. Some of the more common troubleshooting methods are listed here, including:

- Troubleshooting process for FortiGuard updates
- FortiGuard server settings

Troubleshooting process for FortiGuard updates

The following are the logical steps to take when troubleshooting FortiGuard update problems. This includes antivirus (AV), intrusion protection services (IPS), antispam (AS), and web filtering (WB).

Does the device have a valid licence that includes these services?

Each device requires a valid FortiGuard license to access updates for some or all of these services. You can verify the support contract status for your devices at the

Fortinet used portno's

FortiOS ports

In the TCP and UDP stacks, there are 65 535 ports available for applications to use when communicating with each other. Many of these ports are commonly known to be associated with specific applications or protocols. These known ports can be useful when troubleshooting your network. Use the following ports while troubleshooting the FortiGate device:

Port(s): Functionality
UDP 53: DNS lookup, RBL lookup
UDP 53 or UDP 8888: FortiGuard Antispam or Web Filtering rating lookup
UDP 53 (default) or UDP 8888 and UDP 1027 or UDP 1031: FDN Server List - source and destination port numbers vary by originating or reply traffic. See the article “How do I troubleshoot performance issues when FortiGuard Web Filtering is enabled?” in the Knowledge Base.
UDP 123: NTP Synchronization
UDP 162: SNMP Traps
UDP 514: SYSLOG - All FortiOS versions can use syslog to send log messages to remote syslog servers. FortiOS v2.80 and v3.0 can also view logs stored remotely on a FortiAnalyzer

sh ip eigrp neighbors

R2# show ip eigrp neighbours
IP-EIGRP neighbours for process 1
H   ADDRESS         INTERFACE   HOLD   UPTIME     SRTT   RTO   Q   SEQ   TYPE
1   172.16.3.4      S0/0/0      10     00:01:41   20     200   0   7
0   192.168.56.85   S0/0/1      10     00.09.49   25     200   0   28

The output from the show ip eigrp neighbor command includes:

- H column – Lists the neighbors in the order they were learned.
- Address – The IP address of the neighbor.
- Interface – The local interface on which this Hello packet was received.
- Hold – The current hold time. Whenever a Hello packet is received, this value is reset to the maximum hold time for that interface and then counts down to zero. If zero is reached, the neighbor is considered “down”.
- Uptime – Amount of time since this neighbor was added to the neighbor table.
- SRTT (Smooth Round Trip Timer) and RTO (Retransmit Interval) – Used by R

How BGP Routers Use the Multi-Exit Discriminator for Best Path Selection

Updated: March 23, 2012
Document ID: 13759

Contents

- Introduction
- Prerequisites
- Requirements
- Components Used
- Conventions
- The MED Attribute
- Example
- The bgp deterministic-med Command
- Examples
- Related Information

Introduction

This document demonstrates the use of the bgp deterministic-med command and explains how it can affect multi-exit discriminator (MED)-based path selection.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions. The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Conventions

For more inform

MX Load Balancing and Flow Preferences

All MX security appliances feature a secondary uplink that can be used for load balancing and failover purposes. This article explains how to enable and configure a secondary uplink, load balancing between uplinks, and flow preferences for different types of traffic.

Enabling and Configuring WAN 2

Some MX models (MX250, MX400, MX450, MX600) have a dedicated secondary uplink port (WAN 2). To use these ports, a cable just needs to be connected and the IP can be configured on the MX's local status page. On all other MX models, a LAN port can be repurposed into an Internet port for use as WAN 2.

To enable and configure WAN 2 on an MX without a dedicated WAN 2 port:

1. Navigate to the MX's local status page.
2. Click the Configure tab at the top.
3. Under Port 1, 2, or 4 (depending on the MX model), switch the Role to Internet.
4. Configure the WAN port as needed:
   VLAN tagging - Assigns a VLAN tag to all traffic sent out of this port. If set to Don't use VLAN tag