Re: SSL Deep Inspection - Google Chrome

smaruvala · 05-23-2024

Description This article describes details about the challenge ACK and how FortiGate handles that packet. Scope FortiGate. Solution In the TCP handshake generally, 3 packets are exchanged for the connection establishment and they are either SYN, SYN-...

smaruvala · 05-23-2024

Description This article describes how redundant policy-based VPN can be configured using the automation stitches in the FortiGate Firewall. Scope FortiGate. Solution The network comprises of a data center (DC) and two sites called Site-A and Site-B....

smaruvala · 05-01-2024

Description This article describes important information regarding the SNMP OID which can be used to retrieve the FortiClient EMS connectivity status from a FortiGate Firewall. Scope FortiOS version 7.4.2. Solution The connectivity status between the...

smaruvala · 04-24-2024

Description This article descries that FortiClient provides the flexibility to choose either an external browser or a FortiClient-embedded browser for SAML authentication. If an external browser is used then the credentials are cached in browser cook...

smaruvala · 06-06-2024

Hi, - As @mahesh_pm mentioned it looks like certificate probe issue. - Can you check if the same issue is seen when you use policy in proxy mode instead of the flow mode? - This could be matching a reported issue of 994101 as well. Regards, Shiva

smaruvala · 06-05-2024

Hi, Geographic address objects are not supported by ZTNA Rules/Proxy policies and they make FortiGate ignore the policy they are in. Please refer the below KB. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-geographic-address-object...

smaruvala · 06-02-2024

Hi, - Do you see the default profile or was it changed? - I am suspecting default profile is not seen in SASE portal which is why you are not able to create a new profile. If this is the issue then I would suggest you to open a case with out Support ...

smaruvala · 05-23-2024

Hi, In the Forward traffic logs we can see the source and destination country. If you are exporting the traffic logs then you can search for dstcountry and srccountry column which provides the destination and source countries. Regards, Shiva

smaruvala · 05-16-2024

Hi, - What is the error being observed? - Is it seen for a specific website? If its a public website can you provide the URL? - Which state of the SSL handshake is having issue? Packet capture can help here? - Are you using SSL Inspection in the Poli...

User Statistics

User Activity

Technical Tip: Handling of Challenge ACK packet by FortiGate

Technical Tip: Redundant Policy Based VPN using the Automation Stitch

Technical Tip: SNMP OID for FortiClient EMS connection status

Technical Tip: Clearing browser cookie using FortiClient EMS to prevent SAML authentication bypass

Re: FortiGate-3300E v7.2.7 SSL Application Blocking Issue

Re: BUG ZTNA GeoLocation and ZTNA Tag Groups

Re: Cant open a new Endpoint profile on FortiSASE

Re: Sort by Geolocation

Re: TLS 1.2 and 1.3 query at Fortigate Firewall

Re: SSL Deep Inspection - Google Chrome

Re: Does Fortigate manipulate a certificate traffi...

Re: VPN not working on mobile devices after 7.0.14...

Re: Geo location ip blocking for particular server

Re: SSL Deep Inspection - Google Chrome

Re: Fortigate send UDP 8014 packets on WAN interfa...

Re: what "This can be a challenge ack packet" mean...

Re: VPN IPsec with dh 32

Re: ForitSASE SWG Configuration Greyed out

Re: Setting up Working IPSec tunnel dialup iOS - I...