The "bandwidth-unit" option described in the KB below (also in CLI
references) doesn't seem to exist at least on FG60E/60E-POE with 6.4.x
while I can see this option on 1000D/1500D we have. Is this limited to
some certain
models?https://community.for...
Not sure if this is because WPA3 SAE's spec is not allowing or making
this combination useless/meaningless. But with our 6.4.10
wireless-controller on a FGT, I don't seem to have an option for
wpa3-sae+captive-portal in the VAP's security setting, wh...
One of our FGTs managed by FMG somehow lost connection to the FMG. It
has two internet, wan1 and wan2. But probably when wan1 went down the
FMG changed connection to wan2, then wan2 went down. Currently wan1 is
up and operational, but somehow the cen...
Last night one of FWF60Es' upgrade process for 6.0.10->6.2.7->6.2.9
caused the device to be offline in the first step (judged based on saved
config revisions). Likely the first reboot got stuck and can't come up
with 6.2.7 since the public IP on wan1...
We have many customers who have an IPsec VPN from customer's each
location with an FGT/FWFrouted all internet traffic over the VPN toward
the customers centralized FW VDOM in our core network.We manage some of
larger customer's CPE FGTs/FWFs by our F...
FGT stainds for FortiGate. You can use either GUI PCAP or CLI "diag
sniffer packet" command. I would say CLI is quicker&easier in case you
don't have to see the content of the packets. Toshi
You need to troubleshoot with first sniffing when she pings from
terminal. If it's coming in to the FGT, the problem is likely in the
FGT. But if not coming in, it must be on the VPN client side or the
Macbook. Toshi
I found a KB for your situation. Did you follow this
instruction?https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-VIP-access-using-GEO-Location/ta-p/206778
As described at the end of this KB, your deny policy is most
likely miss...
So you're saying you have some VIP policies to allow outside parties to
come through the FGT and forwarded to internal servers like Web server,
FTP server, etc.Then the traffic from Russia is actually hitting those
internal servers, right? You need t...
There are two separate policy sets:- Firewall Policy (config firewall
policy)- Local-in Policy (config firewall local-in-policy) Firewall
Policy handles traffic coming in one interface and going out another
interface. Local-in Policy handles traffic ...
