Hello,
we have upgraded out fortigate 60c to the fortigate 92d model. I remapped the interfaces with the forticonverter, doublechecked all the congfiguration and replaced the unit.
We have port forwarding configured to match our outlook webaccess server. Everything is working fine, but when I try to send an email with outlook webaccess I will get a timeout .
Another problem is when connecting via ssh from one interface to another I get a connection. But afer a while (no inactivity) I do not get any content in my terminal application (tested with putty and osx ssh nativ client).
When I switch the firewall again I do not have these problems.
I have doublechecked the config, rules policys, global settings, proxy options, ssl inspection. Everything is configured in the same manner.
Are there any known problems with the 92d?
many thnaks
Buck
Glancing at the starter guide for the 60C, the only real physical difference I see between the two models is the 60C has a DMZ port and the 92D has more internal ports (14-ports vs the 60C's 5-ports).
If you want to do a manual conversion or port the 60C config over to the 92D, make sure both devices are running the same firmware. Save an unencrypted backup of the 60C config, take the first line from a fresh factoryreset 92D config and paste that line over the first line of the backup 60C config...load that into the 92D. Perform a diagnose debug config-error-log read from the CLI to check for any errors.
BTW there are already several posts on this topic, as well Fortinet has published one method for porting the config from one model to another, here.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
BRogers wrote:I have doublechecked the config, rules policys, global settings, proxy options, ssl inspection. Everything is configured in the same manner.
I suggest loading both configs into a text compare tool like WinMerge to check for changes.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thank you very much for your support.
I have compared the output of all rules. Compared the configuration - no difference except of the interface mode / switch mode.
The strange part of the problem is, that connections are running and 99% is working except of some ssl / https traffic.
But I do not have any ssl inspection turned on.
I am in contact with the fortinet tac support and will tell you what is going on.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.