Wednesday, January 23, 2013

DNS caching & webfilter-caching Fortigate V4 MR3

show dns settings

#config system dns
       show system dns

----------------------------------------------------


# config system dns
    set dns-cache-limit 999999999
    set dns-cache-ttl 7200
end

--------------------------------------------------------


show webfilter settings

#config system fortiguard
      show system fortiguard

-------------------------------------------------------

# config system fortiguard
    set webfilter-cache-ttl 86400
end


DNS cache clear Fortigate v4 MR3 Patch 10


FGT # diag test application dnsproxy ?

1. Clear dns cache
2. Show stats
3. Dump DNS setting
4. Reload FQDN
5. Requery FQDN
6. Dump FQDN


To clear the DNS cache:


#diag test application dnsproxy 1



This will simply reload and requery the FQDN:

FGT # diag test application dnsproxy 4
FGT # diag test application dnsproxy 5  




Saturday, January 19, 2013

Denial-of-Service (DoS)

A Denial of Service (DoS) attack disrupts service to users, usually by consuming network bandwidth or overloading a computer's resources. One sign that you are being attacked is that your connection (either Internet or network) slows down for no apparent reason. Another sign of a DoS attack is being unable to connect to a server or a web page that is usually available.

Wednesday, January 2, 2013

cron daily restart of the FortiGate

The FortiGate can be configured to restart daily at a fixed hour.


config system global
    set daily-restart enable
    set restart-time 05:06
end


How to set a FortiGate to send the real time log to a FortiAnalyzer

This describes how to enable a FortiGate unit to send the real time log to a FortiAnalyzer unit.

This only applies to a FortiGate unit that has storage or a hard disk, which can be set to either real time or store-and-upload. A FortiGate unit that does not have storage or a hard disk is set to real time by default.

The following CLI command can be used to set the FortiGate unit to send the real time log to a FortiAnalyzer.

# config log fortianalyzer setting
# set upload-option realtime
# end
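
To check from a saved configuration that the settings from the posts above are really in place, a small audit can be run over the backup text. This is an added example, not Fortinet's or this blog's own code; the function names and the sample configuration are constructed for illustration, and it assumes every value fits on one line.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not from a real device).
SAMPLE = """\
config system dns
    set dns-cache-ttl 7200
end
config system fortiguard
    set webfilter-cache-ttl 86400
end
config log fortianalyzer setting
    set upload-option store-and-upload
end
"""

# Values the posts above configure, keyed by (section, setting).
EXPECTED = {
    ("system dns", "dns-cache-ttl"): "7200",
    ("system fortiguard", "webfilter-cache-ttl"): "86400",
    ("system global", "daily-restart"): "enable",
    ("log fortianalyzer setting", "upload-option"): "realtime",
}

def parse_config(text):
    """Return {(section path, key): value} from config/edit/set/next/end text."""
    stack, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or backup header comment
        try:
            words = shlex.split(line)  # honours quoted values with spaces
        except ValueError:  # unbalanced quote: fall back to plain split
            words = line.split()
        verb = words[0]
        if verb in ("config", "edit"):
            stack.append(" ".join(words[1:] if verb == "config" else words))
        elif verb in ("next", "end") and stack:
            stack.pop()  # "next" closes an edit, "end" closes a config
        elif verb == "set" and len(words) >= 2:
            settings[(" / ".join(stack), words[1])] = " ".join(words[2:])
    return settings

def audit(text, expected=EXPECTED):
    """List (section, key, expected, found) for each setting that differs."""
    found = parse_config(text)
    return [(s, k, v, found.get((s, k)))
            for (s, k), v in expected.items() if found.get((s, k)) != v]
```

A setting that is absent from the backup is reported with a found value of None, which is how the missing daily-restart shows up for the sample above.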
 
 

SQL logging on FortiGate with flash disk at 4.0 MR3 patch7

Description
After upgrading a FortiGate with an internal flash disk to 4.0 MR3 patch7, it may be noticed that even if the SQL quota was not set, the SQL log will only grow to a certain size, and the log message "Sql Log is 99% full. System will overwrite old logs now." may be seen.
Scope
SQL logging.
Solution


This is due to a change in the way SQL logging is performed on the local log disk.

In 4.0 MR3 patch7, all FortiGate units with a flash disk will move the SQL logging to memory, and the maximum size is 10% of the available memory. For example, a FortiGate 100D having 2GB of RAM would have a maximum SQL log size of 200MB.

The command # dia hardware sysinfo memory can be used to check the total memory of the FortiGate.

Authentication keepalive page Fortigate

Description
This article explains how to configure the keepalive page to show on a user's PC when the user accesses the internet.
Solution
The authentication keepalive page can be enabled by the CLI command:
# config system global
# set auth-keepalive enable
# end
The authentication keepalive page is disabled by default. When enabled, the following HTML page will be displayed and the firewall authentication keepalive will prevent sessions from ending when the authentication timeout ends.