Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I just upgraded our box (200D, 100D, 80CM..) with the latest v5.6.0, and also upgraded the FA with the latest v5.4.2 (it needs to rebuild the DB for 2 days..) Everything seems good and the IPSec VPN, SSLVPN without any dropping after the upgrading.
I noticed that the "Threat Map" in v5.4.4 is gone once upgraded to v5.6.0... even it's somehow a gimmick, but it's nice if can keep in v5.6~
The Physical / Logical Topology is nice but I found it recognized the host in the wrong side... like an internal host located at the side of WAN1... I am not sure but I set the role as LAN for internal ports and the DMZ...
For the CSF (Cooperative Security Fabric).. seems I have to enable the FortiTelementry on interfaces and must to use OSPF rather than static routing.... still not yet fully experience the benefit / beauty of Security Fabric....
Hurts that you can't use NGFW style policies with zones right now. It forces you to use the NAT table when you do that but it kinda doesn't work with zones. Spits out an error in the gui and the zone interface isn't even an option in the CLI.
Mike Pruett
We are reviewing support for Zones in central NAT rules (for NGFW) to see if it can be supported in a future release.
Thanks Jordan, Hopefully it can be as I use zones almost exclusively to consolidate and reduce policy counts.
Mike Pruett
I'm also waiting for the 200E/201E.
I just upgraded our box (200D, 100D, 80CM..) with the latest v5.6.0, and also upgraded the FA with the latest v5.4.2 (it needs to rebuild the DB for 2 days..) Everything seems good and the IPSec VPN, SSLVPN without any dropping after the upgrading.
I noticed that the "Threat Map" in v5.4.4 is gone once upgraded to v5.6.0... even it's somehow a gimmick, but it's nice if can keep in v5.6~
The Physical / Logical Topology is nice but I found it recognized the host in the wrong side... like an internal host located at the side of WAN1... I am not sure but I set the role as LAN for internal ports and the DMZ...
For the CSF (Cooperative Security Fabric).. seems I have to enable the FortiTelementry on interfaces and must to use OSPF rather than static routing.... still not yet fully experience the benefit / beauty of Security Fabric....
Hello,
Can you please confirm that FortiAnalyzer 5.4.2 is able to collect logs from FortiOS 5.6? There's no such info in the Release Notes and compatibility matrix.
Thank you,
Slavko
NSE 7
All oppinions/statements written here are my own.
It does not collect logs! You have to wait till the GA of Forti OS 5.6 for Analyzer
hello
Hello,
I cannot find how to setup different ntp server than Fortiguard (i.e. pool.ntp.org). In GUI (FG 60D) custom is greyed out and info I should do this in CLI. But in CLI I can see only those options :
FGT-DW # config system ntp
FGT-DW (ntp) # show full-configuration
config system ntp
set ntpsync enable
set type fortiguard
set syncinterval 60
set source-ip 0.0.0.0
set server-mode disable
end
FGT-DW (ntp) # set type ?
fortiguard FortiGuard.
custom Custom server.
FGT-DW (ntp) # set type custom <Enter>
FGT-DW (ntp) # set ?
ntpsync Enable/disable synchronization with NTP Server.
type FortiGuard or custom NTP Server.
syncinterval NTP synchronization interval.
source-ip Source IP for communications to NTP server.
server-mode Enable/disable NTP Server Mode.
Dominik Weglarz, IT System Engineer
Thank you.
Dominik Weglarz, IT System Engineer
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1071 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.