When we configure this SSL VPN MAC address filtering, what system limit
would dictate the max number of MAC addresses we can configure on an FGT
(no
vdom/muti-vdom)?https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VP...
Please let me make sure the order a FGT examine policies.If there is a
specific policy from a specific interface like "lan" to another specific
interface like "wan1" with "any" source and "any" destination, it would
be examined before another policy ...
I'm referring two KBs below for this
issue:https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-alt-primary-alt-secondary-DNS-server/ta-p/275269https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-per-VDOM-DNS/ta-p/1...
We recently upgraded our FortiManager-VM from 7.0.8 to 7.2.4 and have
discovered the Meta Field we've been using to "plug" values per device
into CLI templates are not supported any more and have to migrate all
those per-device mappings from Device M...
I couldn't find any article clearly saying either "not possible" or "how
to do it" online so far. But most of our FortiToken Mobile users who
tried migrating from an old phone to a new phone told me a migration
didn't work. So we always reactivate a ...
I think it's already open. At least I could ping 89.10.16.174 from my
end (in the U.S.).Since it's public IP on their device routed through
your FGT without NAT, no VIP is needed.[toshi_esumi@our_host]$ ping
89.10.16.174PING 89.10.16.174 (89.10.16.17...
Your command shouldn't work if you put 'test_IPSec_VPN' in the
sniffer(tcpdump) filters between single quotes. The avilable options are
like in this
article.https://infosecmonkey.com/quick-tip-how-to-run-sniffer-on-fortigate-cli/Toshi
Make sure you have two policies from internal2 to internal3 and from
internal3 to internal2.Try sniffing 'any' interface for icmp, then ping
from one side to the other. Like...diag sniffer packet any 'icmp' 4 0 l
(last letter is lower-case 'L')You sh...