Hello guys,I'm working on a Forticlient EMS system.In the last year I
noticed that some sites deny the user access.I explain myself: sometimes
the cloudflare captcha denies (the image above is just an example from
internet) the user access to the web...
Hello everyone,I have two Fortigates:A Fortigate 60F and a Fortigate
70G.On the Fortigate 60F, there is a WiFi network, where I reserved the
IP address 172.16.10.110:The Fortigate 60F is connected to the 70G via a
link and a static route: All traffic...
Hello everyone,I have two Fortigates:A Fortigate 60F and a Fortigate
70G.On the Fortigate 60F, there is a WiFi network, where I reserved the
IP address 172.16.10.110.The Fortigate 60F is connected to the 70G via a
link and a static route: All traff...
Hello everybody,I'm working on a Fortigate 70G v7.2.11.Long time ago I
created an IPSec Tunnel using a wizard tool.On this tunnel, I enabled
the split tunneling.I have 2 Windows PCs (PC A - Windows 10 / PC B -
Windows 11)On both PCs I have a free For...
Hello everybody, I'm working on a Fortigate 70G v7.2.11I defined an
interface: and a policy to allow the traffic: With this policy, I want
to say: wherever I call you, you have to allow the traffic.If I connect
to any 70G interface (wifi, wired lan...
Hello,just a simple question. What's the network configured in the
accessible networks inside the IPSec tunnel? Is the LAN you want to ping
inside the "accessible networks". Otherwise all the traffic will be
dropped.
Hello everybody, as I said previously, the client received a wrong
configuration by Forticlient. It was the only client that received a
disabled split-tunnell configuration, Solution was to disable and then
rienable again the split-tunneling on Forti...
Thanks for your reply,it does not seem to be the same kind of problem.
Because the fact that PC B cannot access internet is due to the fact
that it receives a configuration that is the same as if "split
tunneling" was disabled on Fortigate. So 10.212...
Hello,thanks everybody for the answers.The solution was a lot easier
than I thought.During the sniffing process, I couldn't see any packet on
that interface.The problem was simply that the accesibile network
segment defined for the ipsec tunnels didn...
Hello @dingjerry_FTNT ,I'm sorry :)79.x.x.x is the WAN IP.From the
external device, if I ping vpn.xxx.com, 79.x.x.x replies. I sniffed some
packets on port 40443 filtering for dstaddr 10.1.0.1 and saw that
packets were being forwarded from 192.168.1....
