Hi, I have a FortiGate connected to Cisco switches (core + access), which
are connected to 7 FortiAPs. I want to create multiple SSIDs (VLAN 10 and
VLAN 20). Currently, I have created two VLANs under my LAN physical
interface on my FortiGate, and two SS...
Hi, I was using FortiGate version 7.2 with SSL Full inspection mode, and
all was good. Now I have moved to 7.6.4, the latest version, but I think
the configuration goes differently. I have generated a CSR from
(Certificate). And sign it through my lo...
Hi, I have a new deployment for FortiGate as an edge firewall. The
latency design involved DC FW acting as both DC and Edge. Now I will
implement FortiGate as Edge and do point-to-point with DC FW. The Q is.
I do have:- one Internet link with 2 IPSec...
Hi, I have 2 questions regarding FortiGate A/P. Now I have my 901 FG with a
dedicated port for HA. I will make this port for Heartbeat. And I do
have 2 fiber links as well for HA with normal ports. Is the best
practice to keep the HA default port for hear...
Dears, I have built an SD-WAN project for one of my customers that has 2
wan links (ISP1 with public IP, ISP2 F5 modem). Once I come to VPN
configuration to connect all branches, I used to go with a dual-up hub
and spoke. I have created the VPN in th...
Thanks for your reply. I saw the mentioned post but am still not able to
understand the difference in configuration needed on the Cisco switch in both
options?! Should I create VLANs and enable a trunk port with tunnel mode?
what config diff
Thanks for your reply. Yes, it's the same as the mentioned pic. I'm able
to use the signed cert in my setting for HTTPS browser. But still I'm
not able to use it in the SSL security profile. I thought in the new
version, there is a different way or I...
Thanks for your reply. This was my concern. Regarding my VPN,
actually I don't need VPN redundancy. I only need to connect some
branches "spokes" to my HQ "hub". I was using dialup VPN not ADVPN as no
need for spokes to have a direct connection to ...
I appreciate your reply. It's clear, thanks. But still, I'm not sure
about the VPN point. Does configuring the VPN as a member under SD-WAN,
or by the normal way from VPN tunnel make any difference?
Hi AEK, thanks for your reply. Do you mean reaching the NAC while the
machine is in the registration or remediation VLAN? And regarding
sniffing packets from the NAC side, is this command enough to show the
connection: # exec enter-shell# sudo tcpdump -nnvi ...