A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
When we configure this SSL VPN MAC address filtering, what system limit
would dictate the max number of MAC addresses we can configure on an FGT
(no
vdom/muti-vdom)?https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VP...
Please let me make sure the order a FGT examine policies.If there is a
specific policy from a specific interface like "lan" to another specific
interface like "wan1" with "any" source and "any" destination, it would
be examined before another policy ...
I think the problem with https://pub.kb.fortinet.com/rss/firmware.xml is
the site is using a self-signed certificate. While
https://support.fortinet.com/rss/firmware.xml site is DigiCert signed
cert.When I tried setting up an account at Thunderbird w...
This is not specific to FGTs because this is a common BGP/AS design
issue. Even if you replace your FGT with a Cisco router, Juniper SRX, or
Nokia router, you still need to use "as-override" option. I think it's
in an RFC, which I haven't confirmed t...
If changing AS at each VPC is not an option, try "as-override" option on
your FGT as in
below:https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-allowas-in-enable-or-as-override-when-local-AS/ta-p/197448Toshi
Just ignore whatever I said above. I wish I could delete my comments but
it does't let me. In ADVPN context, the neighbor-group seems to be used
specifically. My comments seem to be off the mark completely.Toshi