Fortinet Community

topcu · 06-28-2022

Hello all,this request regards to DNS name resolution on the fortigate local only! The configuration of the firewall was changed to per-VDOM dns, because FQDN objects in that vdom should be resolved by an external nameserver. But unfortunately this l...

topcu · 01-06-2022

Hello, we share the bandwith of an ISP uplink on a Fortigate (FWF60E, v6.2.7) to connect a VPN tunnel to a central hub but also to provide local internet access for users and systems connected on the fortigate. I want to control the bandwith of the W...

topcu · 11-23-2020

Hello all,we have configured a DNAT policy, that matches a wide /16 external IP-range to an internal IP-range. On this policy "nat-sourcer-vip" is also enabled, so that bidirectional initiation of Extranet communication is possible. One of the Hosts ...

topcu · 07-31-2020

Hello all, because I want to optimize some roughly builded policies on our firewalls, I need an overview about actual communications, that are passing through some policies in a 3 month history review. I thought about to use the report feature of the...

topcu · 07-26-2019

Hello, the upgrade procedure for FortiManager recommends before and after performing an upgrade, to check various outputs. So it recommends to check the integrity of the policy packages with the "diagnose cdb check policy-packages" command and gives ...

topcu · 07-01-2022

Hi pa_iva, many thanks for your reply.Yes, actually this works. I built this in a lab and did packet captures. The Fortigate is always asking both, the primary and secondary, regardless which domain is asked, and it will get an answer of one of both ...

topcu · 01-07-2022

You are right, we talking about a traffic shaping policy. Assume the following configuration:WAN1 (internet uplink) uses DHCPThis interface is the tunnel sourceThe tunnel destination is 1.2.3.4 Finally I try to catch the ipsec traffic, that is source...

topcu · 01-27-2019

Hi Benoit,Benoit_Rech_FTNT wrote:you can check this KB article: ... Many thanks, but this does not match our scenario. Our FG is not a First- or Last-Hop Router, it does not process IGMP or PIM Registering. It has no idea about the RP, works only int...

topcu · 01-15-2019

chrismes wrote:Why is there added an access-list, which is never used int the config? Hi, chrismes asked for the purpose of the access-list in the fortinet configuraion guide. Honestly, this was also not absolutely clear for me, because the ACL ist n...

topcu · 09-20-2018

Many thanks! But the MTU was not an issue. Meanwhile we found out, that the configured Phase 2 Selectors did not include the Multicast IP-Address. After changing them to 0.0.0.0/0.0.0.0 the OSPF neighborship came up and routes are exchanged correctly...

Fortinet Community

User Statistics

User Activity

DNS Split: resolve internal and external names local on the fortigate on different servers?

Traffic Shaping and prioritizing local VPN Traffic (IPsec, IKE/ESP) on a shared WAN interface?

SNAT precedence: DNAT with nat-source-vip enabled vs. Central SNAT policy?

Report about policy hits: srcip+dstip+proto+port (FAZ/FMG)

diagnose cdb check policy-packages

Re: DNS Split: resolve internal and external names local on the fortigate on different servers?

Re: Traffic Shaping and prioritizing local VPN Traffic (IPsec, IKE/ESP) on a shared WAN interface?

Re: Multicast PIM Neigborship to HRSP Routers - RPF failure

Re: PIM-SM routing

Re: No OSPF neighborship on VPN-Tunnel. What's wrong?

Broad. Integrated. Automated.

Security Research

Company

News & Articles

Contact Us