I am planning and preparing to upgrade my FG200D HA cluster (2 units).
current version is 5.2.10. Question 1) Do you guys find the
support.fortinet.com upgrade path tool reliable?I ask this question
because using the tool for 5.2.10 to 5.6.5 is kind ...
VPN routing concepts seemed to have changed for any FortiOS 5.2 or
higher. It is in the what's new area of 5.2. VPN tunnels now use
"add-route" which I don't understand in a 0.0.0.0/0 scenario. I did many
FGT<>FGT with split tunnel VPN and with old r...
using standalone FG60E v5.4.1, logging to memory and forticloud (if I
can get it working). forward traffic logs are blank. I tried UTM events,
all session and web profile "log-all-urls". log still blank. also the
forticloud test account button does n...
Is it possible to have many SSL VPN users, but only require client
certificates for some users? I only see a global setting. I want a per
group setting.
when converting FGT > FGT and mapping the interfaces, the SSL.root is
not the destination interface list box. Also what do I match phase-1 VPN
interfaces to? Do I even need to convert my config at all if I do a
FG200B (5.2.3) to a FG200D (5.2.3)???
Actually the Fortigate can block HTTPS sites without installing
certificates on the client using certificate inspection versus full
inspection. Full inspection is for inspecting the actual traffic for bad
content to block (viruses, attacks, bad words...
I was wrong. Almost all D models above the 60D support VXLAN except the
200D. I am just lucky I guess. From the 5.6.8 release notes: The
following models support VXLAN. FortiGate FG-30E, FG-30E-MI, FG-30E-MN,
FG-50E, FG-51E, FG-52E, FG-60E, FG-60E-DL...
I upgraded to 5.6.5 and everything went pretty smooth. I see that 5.6.6
is out now too which addresses a few things that have held some people
back. I am hoping 5.6.6 is solid. The only minor issue I have gotten
calls about is that we have action "wa...
