Hello all, this request regards to DNS name resolution on the fortigate
local only! The configuration of the firewall was changed to per-VDOM
dns, because FQDN objects in that vdom should be resolved by an external
nameserver. But unfortunately this l...
Hello, we share the bandwidth of an ISP uplink on a Fortigate (FWF60E,
v6.2.7) to connect a VPN tunnel to a central hub but also to provide
local internet access for users and systems connected on the fortigate.
I want to control the bandwidth of the W...
Hello all, we have configured a DNAT policy, that matches a wide /16
external IP-range to an internal IP-range. On this policy
"nat-source-vip" is also enabled, so that bidirectional initiation of
Extranet communication is possible. One of the Hosts ...
Hello all, because I want to optimize some roughly built policies on
our firewalls, I need an overview about actual communications, that are
passing through some policies in a 3 month history review. I thought
about using the report feature of the...
Hello, the upgrade procedure for FortiManager recommends before and
after performing an upgrade, to check various outputs. So it recommends
to check the integrity of the policy packages with the "diagnose cdb
check policy-packages" command and gives ...
Hi pa_iva, many thanks for your reply. Yes, actually this works. I built
this in a lab and did packet captures. The Fortigate is always asking
both, the primary and secondary, regardless which domain is asked, and
it will get an answer of one of both ...
You are right, we are talking about a traffic shaping policy. Assume the
following configuration: WAN1 (internet uplink) uses DHCP. This interface
is the tunnel source. The tunnel destination is 18.104.22.168. Finally I try to
catch the ipsec traffic, that is source...
Hi Benoit, Benoit_Rech_FTNT wrote: you can check this KB article: ... Many
thanks, but this does not match our scenario. Our FG is not a First- or
Last-Hop Router, it does not process IGMP or PIM Registering. It has no
idea about the RP, works only int...
chrismes wrote: Why is there added an access-list, which is never used
in the config? Hi, chrismes asked for the purpose of the access-list in
the fortinet configuration guide. Honestly, this was also not absolutely
clear for me, because the ACL is n...
Many thanks! But the MTU was not an issue. Meanwhile we found out, that
the configured Phase 2 Selectors did not include the Multicast
IP-Address. After changing them to 0.0.0.0/0.0.0.0 the OSPF neighborship
came up and routes are exchanged correctly...