Description This article describes details about the challenge ACK and
how FortiGate handles that packet. Scope FortiGate. Solution In the TCP
handshake generally, 3 packets are exchanged for the connection
establishment and they are either SYN, SYN-...
Description This article describes how redundant policy-based VPN can be
configured using the automation stitches in the FortiGate Firewall.
Scope FortiGate. Solution The network comprises of a data center (DC)
and two sites called Site-A and Site-B....
Description This article describes important information regarding the
SNMP OID which can be used to retrieve the FortiClient EMS connectivity
status from a FortiGate Firewall. Scope FortiOS version 7.4.2. Solution
The connectivity status between the...
Description This article descries that FortiClient provides the
flexibility to choose either an external browser or a
FortiClient-embedded browser for SAML authentication. If an external
browser is used then the credentials are cached in browser cook...
Hi, - As @mahesh_pm mentioned it looks like certificate probe issue. -
Can you check if the same issue is seen when you use policy in proxy
mode instead of the flow mode? - This could be matching a reported issue
of 994101 as well. Regards, Shiva
Hi, Geographic address objects are not supported by ZTNA Rules/Proxy
policies and they make FortiGate ignore the policy they are in. Please
refer the below KB.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-geographic-address-object...
Hi, - Do you see the default profile or was it changed? - I am
suspecting default profile is not seen in SASE portal which is why you
are not able to create a new profile. If this is the issue then I would
suggest you to open a case with out Support ...
Hi, In the Forward traffic logs we can see the source and destination
country. If you are exporting the traffic logs then you can search for
dstcountry and srccountry column which provides the destination and
source countries. Regards, Shiva
Hi, - What is the error being observed? - Is it seen for a specific
website? If its a public website can you provide the URL? - Which state
of the SSL handshake is having issue? Packet capture can help here? -
Are you using SSL Inspection in the Poli...