Re: whitelist specific user IP address from block ...

pjawalekar · 12-26-2022

Description This article describes that from v6.2, the IP address might be part of different ISDB objects. Scope FortiGate v6.2 and above, Solution The traffic is matched based on the 3-tuple (protocol, port, IP). This also introduces the 'singularit...

pjawalekar · 12-08-2022

Description This article describes how to deal with the Citrix VDI issue when using SSL VPN. When the user is trying to access the Citrix VDI server with the clientless SSL VPP (web mode), the error: 'Unable to connect to the server. Contact your sys...

pjawalekar · 12-08-2022

Description This article describes how to block the 'TCP split handshake' in intrusion prevention. Scope FortiGate. Solution TCP is a connection-oriented protocol. The host initiating the connection referred to as the client sends to its peer, referr...

pjawalekar · 09-08-2023

Hi DaVeiga19,You can configure the script to collect the logs as advice by mpeddalla.As you have mentioned when the issue occurs the device is not responsive in such situation you can use com log feature to collect the log. Below is the Kb link for c...

pjawalekar · 08-30-2023

Hi preston55,If you are using any security profiles on the policy you can validate the logs under logs section to validate if any of the attached security profile is blocking the traffic.For single test user you can test by creating the test policy f...

pjawalekar · 08-30-2023

Hi rafal0001, Please validate if you using any traffic shaper which can limit the speed for the users. Also you can validate what is the overall bandwidth utilization on wan/isp link when you are facing the issue, as when you connect direct pc to ISP...

pjawalekar · 08-22-2023

Hi damianhlozano, The Link Status section of the performance SLA configuration consists of three settings that determine the frequency that the link is evaluated, and the requirements to be considered valid or invalid: Check interval: the interval in...

pjawalekar · 08-22-2023

Hi MadDog_2023,I understood that you want to advertise ipsec vpn subnet 192.168.166.0/24 to SSLVPN user, you can do the same under the SSLVPN portal which you are using for the SSLVPN users. If you are using split tunneling under the tunnel mode you ...

User Statistics

User Activity

Technical Tip: If two ISDB are present in the SD-WAN rule destination ISDB with highest singularity will be selected

Technical Tip: Citrix VDI support with web mode SSL VPN

Technical Tip: How to block the 'TCP split handshake' in intrusion prevention

Re: Process IPSEngine High Memory

Re: Cross-origin resource sharing (CORS) Connection Timed Out

Re: FG 50E v6.2.12 Download Speed much lower than upload

Re: "Packet Loss threshold" option in "Performance SLAs"

Re: How to advertise a site-to-site VPN subnet to SSL VPN connections

Re: whitelist specific user IP address from block ...

Re: FG 50E v6.2.12 Download Speed much lower than ...

Re: Question about diagnose debug command (VPN)

Re: Can't connect Fortigate to Asus wireless Route...

Re: LDAP Server

Re: Question about diagnose debug command (VPN)

Re: Can't connect Fortigate to Asus wireless Route...

Re: whitelist specific user IP address from block ...

Re: How can I bulk all the Addresses Trying to acc...

Re: LDAP Server

KCS