Description This article explains how to delete IPSec phase 2 selector
from the CLI of the FortiGate if there is no option to delete it from
GUI. Scope FortiGate Solution In this example name of the phase2
selector of the IPSec tunnel is 'FGT_VPNIPSE...
Description This article explains a situation where the OSPF neighbor is
in a FULL state, yet no routes are being advertised from the FortiGate.
Scope FortiGate. Solution In the routing table, the neighbor's state is
displayed, and if it shows a FULL...
Description This article describes the issue where the 'Media Stream'
subcategory under 'Bandwidth Consuming' is blocked, yet streaming media
websites remain accessible. Scope FortiGate. Solution To Block the
streaming media by using a web filter pro...
Description This article describes the steps to troubleshoot the VPN
connection issues when FortiClient gets stuck in Connecting without any
error. Scope FortiClient. Solution When FortiClient is stuck at
'connecting' the reason could be reachability...
Description This article discusses the difficulties in adding the SSL
VPN interface to an existing security policy that already contains one
or more source interfaces. Scope FortiGate. Solution In instances where
have highly detailed policies for use...
Hello, If you want to restrict access for the vpn by using
local-in-policy please check the below configuration example. Configure
the policy to allow traffic from the specific source addresses. config
firewall local-in-policy edit 0 set intf "WAN" <...
Hello, You can try connecting to the web mode from this device once, to
isolate the problem to FCT. Kindly also run a packet capture on the wan
interface of the fortigate with the public ip of the user that is unable
to connect.You can check the foll...
Hello Team, After hiding the SSL VPN login page (on v 7.4.1 and below)
or disabling it globally (v7.4.2 and above), it is expected to see every
failed authentication for SSL VPN flagged with 'tunnel Type ssl-web'.
The log does not mean an authenticat...
In addition to the previous update you can check with the following
commands if the traffic is coming to the fortigate for this traffic: dia
sniffer packet any " host x.x.x.x and host y.y.y.y " 4 0 l <------
x.x.x.x should be the ip address that you ...
Please check if you are using named address objects in the phase2
selectors and try to use direct subnet and separate phase2 selectors
instead of named objects.It is possible to configure
mesh-selector-type.mesh-selector-type {disable | subnet | host...