Restrict YouTube content on your network or managed devices
Google provides an article entitled "Restrict YouTube content on your network or managed devices"...

Event log "NAT port is exhausted"
The following commands help determine whether the NAT port is exhausted.
· Ensure the necessary logging is enabled. Check that the default setting on the...

Usage of arp permit-non-connected
We came across a problem after upgrading from 8.2(5) to 9.1.x, where some of the public IP addresses / servers hosted inside the firewall through public IP are not...

DNS Resolution – with & without Proxy
If you configure IE with an explicit proxy:
1. When the user enters www.itzecurity.in
2. IE checks the address for a string match against the...

FortiGate Firewall session list and state
To display the session table: diagnose sys session list
Description of the State field in the session table
Proto_state field for TCP
Proto_state field for...

Site Review Utility in Zscaler
1. Log in to the URL: https://sitereview.zscaler.com. This feature is only available for Zscaler customers. The traffic should be routed via Zscaler when the user...

Zscaler guidelines for URL categories
Following are some guidelines for URL categories:
· You cannot add classes, or edit or delete the predefined classes.
· Each class has super-categories. You cannot add or delete...

Sniffer and debug flow in presence of NP2 ports
On FortiGate units that have NP2 interfaces (for example: FortiGate-310B, FortiGate-620B...), some traffic is offloaded at the hardware level. That means that the...

Functions used in PAC files
isPlainHostName()
This function returns true if the hostname contains no dots. Example: http://intranet
Useful when applying exceptions for internal websites that may not...

SAML Troubleshooting (ADFS,)
Troubleshooting
Authentication – SAML - Browser Settings
· This section describes the common issues faced due to incorrect browser settings.
A user’s browser displays the error "Can't display the...

Network Slowness - Verify using Wireshark
A network can be slow for various reasons. If the root cause isn't obvious from performance graphs, cabling, and other hardware, Wireshark can be used to narrow it down. Following are some of...

Restricting Groups
AD FS 2.0 federates all the groups of a user, by default. You can restrict the groups to only those to which policies will be applied. Zscaler recommends putting users in groups that...

Bandwidth quota and Bandwidth control
Bandwidth Quota
The bandwidth quota includes data uploaded to and downloaded from the URL category. To enforce the quota on specific users, groups, or departments, SSL inspection and authentication must...

Tips: Zscaler Portal
Tips: Custom URL
1. We can add 25000 custom URLs across all categories.
2. We can add 48 custom categories.
3. We can add 30 keywords per category.
4. We can add 1000 keywords across...

Troubleshoot: Split brain seen intermittently on FGT a-p HA
Fortinet TAC requires the details below to investigate the issue further. Provide the following from both HA units in 2 separate files:
#get system status
#get system performance status
#diag sys top 1 40...

Forward specific URL or domain traffic using FOR loop
Route specific URL or domain traffic to an internal proxy and all other traffic to Zscaler.
function FindProxyForURL(url, host) {// Route the .cn domains to Specific Internal proxy_list var...

FTP Control
By default, the Zscaler service does not allow users from a location to upload or download files from FTP sites. You can configure the FTP Control policy to allow access to specific sites....

SSL VPN conserve mode, one-time login per user, WAN link load balancing
SSL VPN conserve mode
FortiGate units perform all security profile processing in physical RAM. Since each model has a limited amount of memory, kernel conserve mode is activated when the remaining free...

Client device certificate authentication with multiple groups
Supported FortiOS version 5.6.2
In the following example, we require clients connecting to a FortiGate SSL VPN to have a device certificate...

Generate a self-signed SSL certificate using the OpenSSL for DPI / Full...
To generate a self-signed SSL certificate using OpenSSL, complete the following steps:
1. Write down the Common Name (CN) for your SSL Certificate. The CN is the fully qualified name for the...