Prior to upgrade from 5.6.11 to 6.0.9, I had a Local Rating Override of
site "{redacted}-VPN.com" from FortiGuard Category "Proxy Avoidance" to
Local Category "VPN". I then allowed the "VPN" Category is a Web-filter
Profile associated with firewall r...
Hi experts,My use-case is to allow SNMP Manager access to Fortigate's
SNMP Agent, but the question is more general.System interface's
trust-ip-1 (if "dedicated-to" is 'management'), system admin's
trusthost1 and firewall local-in-policy are supposed ...
Hi gurus,I'm using DNS server on the Fortigate (config system
dns-server) forwarding requests to DNS server (config system dns). The
latter has a setting "cache-notfound-responses".I was hoping that by
enabling that setting and issuing "diagnose test...
Hi gurus,on FWF-61e, I provisioned WPA2 Enterprise, using local User
Group.Output of "diagnose wireless-controller wlac sta_filter" shows
RADIUS messages, so, I must conclude that FortiOS implements an internal
RADIUS server and exchanges EAP payload...
Hi Fortigurus,if an administrator has entered "Too many login failures.
Please try again in a few minutes..." lockout state, using CLI command,
how can I see which administrator is locked-out and what's the CLI
command to unlock (before expiry)?R's, ...
Agents 1994's solution worked for me when I was on 6.0.x, however, after
upgrading to 6.4.x, it stopped. Is there a new option to prevent
Fortigate from randomizing MAC addresses at boot? Details: FWF # show
system interface wire_less_ssw config syst...
We've already established that ED25519 doesn't change, so, using FortiOS
'execute ssh' which only uses this Host Key type won't show anything
pertaining to RSA. I've previously done "diagnose debug application sshd
-1" - this is what I saw::SSH: noti...
SJFriedl wrote:I'm trying to figure out if this actually makes you any
more secure. My issue's not security - changed SSH public key usually
indicates "system changed" - usually, a failover or upgrade. In this
situation, nothing changed, other than a...
