Set a Default Tab for FortiClient EMS

It’s been a while, but I am working on deploying an updated version of FortiClient for a company, managed via EMS and Intune. One thing that bugs me (and many others) is that by default the client UI loads into the Zero Trust Telemetry tab, and the option to change the Default tab is greyed out for the end user when the client is managed. There is no UI setting for this in EMS, but you can easily set the Default Tab with the XML editor for the specific profile: go to Endpoint Profiles > Manage Profiles, edit the Profile and then select XML Configuration. Once there, hit Edit and add the following line under the System and UI tags.

<default_tab>VPN</default_tab>

You can also use any of the following values in the default_tab element to set the default tab accordingly.

AV: Antivirus
WF: Parental Control/Web Filtering
FW: Application Firewall
VPN: Remote Access
VULN: Vulnerability Scan

If you want to know what else you can configure via XML for FortiClient through EMS, see the Fortinet FortiClient XML Guide (or the local mirror FortiClient_6.0.4_XML_Reference.pdf).
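As an added example (not code from the post or from Fortinet), the helper below writes the default_tab element into an exported EMS profile at the system/ui path the post describes, creating the parent elements if the export lacks them, and rejects any value outside the documented set. It assumes the export’s root element is forticlient_configuration; the sample profile is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Values documented for <default_tab> in the post above.
DEFAULT_TAB_VALUES = {"AV", "WF", "FW", "VPN", "VULN"}

# Constructed sample: a trimmed EMS profile export (a real export is far
# larger). The root element name is an assumption for this example.
SAMPLE_PROFILE = """<forticlient_configuration>
  <system>
    <ui></ui>
  </system>
</forticlient_configuration>
"""


def get_default_tab(profile_xml: str):
    """Return the current system/ui/default_tab value, or None if absent."""
    node = ET.fromstring(profile_xml).find("system/ui/default_tab")
    return None if node is None else (node.text or "").strip()


def set_default_tab(profile_xml: str, tab: str) -> str:
    """Return profile_xml with system/ui/default_tab set to `tab`.

    Creates <system> and <ui> if the export lacks them, updates an existing
    <default_tab> in place, and refuses undocumented values so a typo does
    not push a profile that the client will silently ignore.
    """
    if tab not in DEFAULT_TAB_VALUES:
        raise ValueError(f"unsupported default_tab value: {tab!r}")
    root = ET.fromstring(profile_xml)
    system = root.find("system")
    if system is None:
        system = ET.SubElement(root, "system")
    ui = system.find("ui")
    if ui is None:
        ui = ET.SubElement(system, "ui")
    node = ui.find("default_tab")
    if node is None:
        node = ET.SubElement(ui, "default_tab")
    node.text = tab
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(set_default_tab(SAMPLE_PROFILE, "VPN"))
```

Paste the returned XML back into the profile’s XML Configuration editor; the helper only edits the document, it does not talk to EMS.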

How to spoof or mimic a hardware or MAC Address of another device on an interface on a FortiGate

I was recently out at a client and they were in the process of getting another link installed, which happened to be Cable internet they were using for redundancy. We put their cable modem in Bridge mode but the connection wasn’t coming up after connecting everything. Most cable providers authenticate with certificates and the hardware address of the router, so this made me think we needed to make their provider believe the FortiGate was their original modem. So, firing up an SSH session, I logged in and issued the following commands:

FGT40C # config system interface
FGT40C (interface) # edit wan2
FGT40C (wan2) # set macaddr xx:xx:xx:xx:xx:xx
FGT40C (interface) # end

You will want to replace the interface (wan2 in this case) with your interface, and the MAC address with the hardware address you want to spoof or mimic.

I gave the cable modem a power cycle for good measure and the connection came up.

Configure a login banner or disclaimer on a FortiGate for Terminal and HTTP admin logins

If like me you work in an environment where you have people who are attempting to circumvent your network security it helps to have a banner or disclaimer to warn them about the trouble they will get into if they’re caught. By default when you attempt to login to a FortiGate there is no warning message or login banner.

To enable the banner or disclaimer on a FortiGate (there is both a pre- and a post-login disclaimer you can use), we first need to log into the CLI of the FortiGate and enter the following commands. You can substitute post for pre if you wish:

FG621B # config system global
FG621B (global) # set pre-login-banner enable
FG621B (global) # end

Now log into the web UI of FortiOS and go to System > Config > Replacement Messages. Once there, switch to the extended view; the login banners should be at the top of the list. You can edit the default message if you wish; once done, click Save.

Once you try to access the FortiGate via Terminal or Web Management you should be prompted with the Disclaimer message.

FortiAnalyzer shows xx of xx database tables need to be upgraded

So I was recently presented with a message after a firmware upgrade that a number of database tables needed to be upgraded.  I searched the Fortinet knowledge base but found nothing. After a discussion with a Support Rep from Fortinet we quickly found the solution and being that it is a very common issue I thought I would post the steps on here for the general public.

Log onto your Analyzer and follow the below instructions.

– System -> Config -> SQL Database: set the location to “Disabled”
– On the CLI, run “execute sql-local remove-db” and confirm
– On the CLI, run “execute reset sqllog transfer”
– Reactivate the SQL Database

Depending on how large your logs are, the remove-db command may take several minutes.