You are leaving our website

malachykidd · 01-18-2019

I've configured a pair of FortiGate 81E firewalls into a HA cluster, and I use them to terminate a set of auto-detect IPSEC tunnels. To improve security, I use PKI to authenticate the tunnels, and I have configured the firewalls to download CRL updat...

malachykidd · 10-09-2017

I have a new FortiManager (5.4.4) and FortiGate (81E, 5.4.5) deployment. The 81E was configured before it was added to FortiManager, and it has an IPSec VPN tunnel to a Juniper SSG firewall at a remote site. The 81E added to FortiManager without erro...

malachykidd · 01-22-2019

Well... I enabled auto-update, and FortiManager auto-updated the config, but then it set the root policy package status to Out of Sync, though there are no changes applied if I (re)install the policy package. Not ideal.

malachykidd · 01-22-2019

teddyko wrote:Is your Config Status or Policy Package Status going to "Out of Sync"? Config Status. teddyko wrote:Changes to the CRL should only affect Config Status. One possibility for Out of Sync status is your auto-update setting may be disabled....

malachykidd · 10-10-2017

chall, After reading a link (https://forum.fortinet.com/FindPost/150794) in a reply to another post, by heskez, I upgraded FortiManager to 5.6 and was able to successfully apply the policy to the device; it looks like my problem was part of the inabi...

malachykidd · 10-10-2017

chall, Per-Device Mappings shows "cdm-firewall-01 ( root :( vpn_to_aa,vpn_to_seas" and "dcc-firewall-01 ( root :( vpn_to_aa" Justin

User Statistics

User Activity

FortiGate Out of Sync after device updates CRL

Interface Validation failure on zone used for IPSec VPN -- cannot update policy

Re: FortiGate Out of Sync after device updates CRL

Re: FortiGate Out of Sync after device updates CRL

Re: Interface Validation failure on zone used for IPSec VPN -- cannot update policy

Re: Interface Validation failure on zone used for IPSec VPN -- cannot update policy