Fortinet FortiGate Validation
You Run FortiGate. Does Your Configuration Actually Stop Attacks?
FortiOS defaults are not security defaults. We test the difference.
Sherlock Forensics offers Fortinet FortiGate security validation starting at $5,000 CAD. We test whether your FortiGate configuration actually stops real attack techniques. Using our ShadowTap platform, we test FortiOS default settings, attempt SSL VPN exploitation, bypass web filters and verify FortiGuard subscription effectiveness. You receive a detailed report showing what your firewall blocked, what it missed and specific configuration changes to close the gaps. Comprehensive validation with full internal and external testing is available at $12,000 CAD.
Common Misconfigurations
What We Find in FortiGate Deployments
FortiOS Default Settings
FortiOS ships with permissive defaults designed for easy deployment, not maximum security. Default administrative access settings, implicit allow rules, disabled security profiles on internal interfaces and permissive DNS policies create a baseline that requires significant hardening. Most organizations skip the hardening phase and go straight to production.
SSL VPN Exposure
FortiGate SSL VPN has been the target of multiple critical CVEs, including actively exploited vulnerabilities that allowed pre-authentication remote code execution. We test your SSL VPN portal for known vulnerabilities, authentication strength, session management weaknesses and post-authentication access controls. This is consistently one of the highest-risk areas in FortiGate deployments.
Web Filter Bypasses
FortiGuard web filtering blocks malicious and unauthorized web content, but only when SSL deep inspection is enabled and properly configured. Without deep inspection, HTTPS traffic bypasses web filtering entirely. We test whether your web filter actually blocks malicious domains, C2 channels and data exfiltration over HTTPS.
FortiGuard Subscription Lapsed
When FortiGuard subscriptions expire, your FortiGate continues routing traffic but stops receiving signature updates, web filter database updates and sandboxing capability. The firewall looks operational in the dashboard, but its threat detection is frozen in time. We verify subscription status and document the security impact of any lapsed services.
Missing Security Profiles
FortiGate security profiles (antivirus, IPS, application control, web filter) must be explicitly applied to firewall policies. Policies without security profiles allow traffic to pass with no inspection. We map your policy table to identify rules that lack appropriate security profiles, especially on internal-to-internal traffic.
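As an added example (not Sherlock Forensics' tooling or method), the following offline check covers the two gaps described under Web Filter Bypasses and Missing Security Profiles: accept policies with no security profiles attached, and web filtering applied without SSL deep inspection. It assumes a FortiOS configuration export and the factory profile name `deep-inspection`; the sample config and the function names are constructed for illustration.

```python
import re

PROFILE_KEYS = ("av-profile", "ips-sensor", "application-list", "webfilter-profile")

# Constructed FortiOS-style excerpt for illustration; not from a real device.
SAMPLE = """
config firewall policy
    edit 1
        set action accept
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set application-list "default"
        set webfilter-profile "default"
    next
    edit 2
        set action accept
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
    next
    edit 3
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {key: value}}; handles single-valued 'set' lines only."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = line.strip()
        if m := re.fullmatch(r"edit (\d+)", tok):
            current = policies.setdefault(int(m.group(1)), {})
        elif tok == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r'set (\S+) "?(.*?)"?', tok)):
            current[m.group(1)] = m.group(2)
    return policies

def audit(policies):
    """Map policy id -> findings. Assumes deep inspection uses the factory profile name."""
    findings = {}
    for pid, p in policies.items():
        issues = [f"no {k}" for k in PROFILE_KEYS if k not in p]
        if "webfilter-profile" in p and p.get("ssl-ssh-profile") != "deep-inspection":
            issues.append("web filter without deep inspection")
        if p.get("action") == "accept" and issues:
            findings[pid] = issues
    return findings
```

Sites that use a custom-named deep inspection profile should compare against that name instead.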
VDOM Segmentation Weaknesses
Virtual domains (VDOMs) provide logical separation within a single FortiGate. Misconfigured inter-VDOM links, shared management access and inconsistent security policies between VDOMs can undermine the segmentation they are designed to provide. We test whether VDOM boundaries actually contain lateral movement.
Our Process
What We Test
Internal Attack Simulation
We deploy ShadowTap on your internal network, simulating an attacker who has bypassed the perimeter. This tests your FortiGate's internal segmentation, VDOM boundaries and east-west traffic inspection. Your firewall protects the front door. We test the windows, the basement and the hallway.
CVE Validation
FortiGate has a documented history of critical CVEs affecting SSL VPN, management interfaces and FortiOS itself. We test your specific firmware version against known vulnerabilities and verify that patches have been properly applied. We also test for configuration-level mitigations where patches are not yet available.
Evasion and Exfiltration
We test whether your FortiGate detects encrypted tunnels, DNS exfiltration, protocol tunneling and domain fronting. These evasion techniques bypass basic firewall inspection and reveal whether your security profiles are actually analyzing traffic or just counting packets.
Frequently Asked Questions
FortiGate Validation FAQs
- Can you test our FortiGate without affecting production traffic?
- Yes. We simulate attack traffic against your network, not against the firewall itself. Your FortiOS configuration remains untouched. Standard validation costs $5,000 CAD.
- We have FortiGuard subscriptions active. Why do we need testing?
- FortiGuard subscriptions provide signature updates and threat intelligence, but they do not validate your configuration. A FortiGate with active subscriptions can still have permissive policies, disabled deep inspection and default admin credentials. Subscriptions give you the tools. Configuration determines whether those tools actually work.
- Do you test FortiGate SSL VPN specifically?
- Yes. FortiGate SSL VPN has been the target of multiple critical CVEs. We test authentication strength, session management, known vulnerability exposure and post-authentication access controls. This is often where we find the most critical issues.
- What happens if our FortiGuard subscription has lapsed?
- A lapsed subscription means your FortiGate runs with outdated signatures, no web filter updates and no sandboxing. It still routes traffic but its threat detection is frozen. We document the exact security impact and recommend remediation priority.
Validate Your Investment
FortiOS defaults are not security defaults. Find out what your FortiGate actually blocks.
Standard FortiGate Validation: $5,000 CAD. Comprehensive Validation with ShadowTap internal testing, CVE validation and executive report: $12,000 CAD.
Ready to Test Your FortiGate?
Tell us about your Fortinet deployment and we will scope a validation assessment. Free scoping call, fixed-price quote, testing typically completed within 5-10 business days.
- Phone
- 604.229.1994
- Burnaby Office
- Burnaby, BC, Canada
- Coquitlam Office
- Coquitlam, BC, Canada