Re: FortiGate routing through device instead of ga...

FractalSphere · 03-12-2024

I have many corporate Fortinet firewalls in play, but finally just went and bought one for myself (a 60e, great for home internet and labs) so am posting with my personal acct - and am seeing the following weird issue. I have created an address group...

FractalSphere · 03-13-2024

We had this issue at one of our sites, asymmetric routing is rough. I believe this was required to resolve it. Make sure your static routes are weighted correctly and have proper administrative distance. config system settings set asymroute enable en...

FractalSphere · 03-13-2024

I think I'm understanding what you're aiming at here.. In your SSL-VPN portals you should add some address objects you create with subnets that the SSL-VPN traffic is allowed to access as its destinations. And on the policy itself allowing the SSL-VP...

FractalSphere · 03-13-2024

FYI I enabled some logging (will likely tweak this as I go) from this reference https://community.fortinet.com/t5/FortiGate/Technical-Tip-Local-traffic-logs-tab-shows-no-results/ta-p/192466

FractalSphere · 03-13-2024

Yes as stated, I do have trustedhosts configured for admin accts. Local-in policies was the right answer, apparently! Thanks! :) I got a local-in policy that appears to be working as intended by applying the following block via the CLI! config firewa...

FractalSphere · 03-13-2024

Unfortunately, that does not apply. It's the same link as posted above in the first reply.It references applying region blocking to a VIP so you limit inbound traffic that is able to hit an inside resource. That's not the case here, I am seeing attac...

User Statistics

User Activity

Blocking by region and stopping attempted logins