We currently run v6.4.10 for our FMG-VM and manage bigger customer's
FortiGates(FGTs) totalling about 600 (soon to be 800+).And one of them
needs one VIP group (two VIPs) at all 500+ locations. We use policy
packages for this customer to standardize ...
I can't easily find this part of FGT-Managed FSW operation in the guid
books or somewhere else. So I decided to post this. I was trying to
figure out how to duplicate Cisco CBS switch's default QoS behaviors
with FSWs and looked like I messed up conf...
I just saw an RSS feed announcing FAC 6.5.0 release. Since other
products around FortiGate has version numbering scheme 6.4, 7.0, 7.2 so
far, it's a little surprise for me to see 6.5.0 as the FAC's new version
number. Then also realize the FAC genera...
The "bandwidth-unit" option described in the KB below (also in CLI
references) doesn't seem to exist at least on FG60E/60E-POE with 6.4.x
while I can see this option on 1000D/1500D we have. Is this limited to
some certain
models?https://community.for...
Not sure if this is because WPA3 SAE's spec is not allowing or making
this combination useless/meaningless. But with our 6.4.10
wireless-controller on a FGT, I don't seem to have an option for
wpa3-sae+captive-portal in the VAP's security setting, wh...
As the OP stated, it's done for a transitional setup to migrate from
Mikrotik to FortiGate without realizing "asymm routing" is not allowed
with a modern FW to prevent spoofing. What the OP needs to do is NOT to
have the same VLAN on both Mikrotik an...
I don't know any specificity of 501E or the old 6.0.6 software. But it
should work. At least we did in the past when we were running probably
6.2.x and we moved a pair of LAG/LACP ports from RJ45 to SFP. Adding the
SFP ports to the LAG first then rem...
You still need to configure another policy for out-to-in direction and
put the VIP "Test" in the destination address. In other words, you need
to a pair of policies, one for SNAT in in-to-out direction and another
for VIP in out-to-in direction becau...
2. yes 3. You didn't say the version of FGT, but my 7.0.11 40F shows
below:4. local-in policy is only via CLI as @tthrilok showed. So if you
don't know how, you haven't configured. Look at the admin guide
below.https://docs.fortinet.com/document/fort...
NPU is internal, no direct connection to physical ports. Therefore all
VLANs you put on the npu-vlink are internal. I would avoid overlapping
them with other VLANs on those physical ports though. I don't know what
would happen if you use the same VLA...