Description This article describe how to configure FortiManager to use
custom certificate for HA communication on port 5199. Scope FortiManager
6.2.7 and above FortiManager 6.4.x FortiManager 7.0.x FortiManager 7.2.x
Solution By default, communicatio...
DescriptionThis article describes how to check the webfilter database
(DB) version on the FortiManager, and also show how to change or shorten
the DB consolidation time.SolutionGo to FortiGuard -> Query Server
Management -> Receive Status, it is poss...
DescriptionFortiGate have two boot partitions on the flash memory to
store the firmware images and configuration files.After a firmware
upgrade, the new FortiOS image is saved in the secondary partition which
on reboot is made the active partition, a...
Description This article describes how to perform HQIP test on
FortiGate-6k chassis. Solution There are two variants of FGT-6k chassis
at the time of writing, FortiGate-6301F that consists of 6 Fortinet
Processor Cards (FPC) and FGT-6501F with 10 FPC...
DescriptionPrior to firmware 5.4.0 (firmware 5.2 and below), user will
be able to configure individual device storage quota. In firmware 5.4.0
onwards, the storage quota design have changed and is now based on ADOM
level quota, in which the quota is ...
Hi sidp You can try mesh-selector-type subnet instead. Please refer to
for more information.
Hi sidp If the tunnel is not up, you should do ike debug instead of
debug flow. Since FGT act as initiator in this case, probably you will
need to enable ike debug on the Cisco side when FGT generate traffic
towards Cisco side to see why tunnel is no...
Hi DanRole do not have any effect on the FortiGate. Setting the role
means some GUI option is being hidden, and it simplifies things from GUI
itself. I don't really set the role and I think it is safe to leave at
LAN (default) or undefined. You can r...
Hi J, do you have SSL deep-inspection applied to the firewall policy? I
am guessing most likely almost all sites are encrypted and running on
HTTPS, so therefore it will not works without deep-inspection?
Hi CAB3 If I understand correctly, DMZ is part of the trust VLAN and
your inside IP is also located in trust VLAN? You are trying to route
some packet from DMZ to inside IP? If yes, you could just setup firewall
policy from trust VLAN to trust VLAN.T...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.