The "bandwidth-unit" option described in the KB below (also in CLI
references) doesn't seem to exist at least on FG60E/60E-POE with 6.4.x
while I can see this option on 1000D/1500D we have. Is this limited to
some certain
models?https://community.for...
Not sure if this is because WPA3 SAE's spec is not allowing or making
this combination useless/meaningless. But with our 6.4.10
wireless-controller on a FGT, I don't seem to have an option for
wpa3-sae+captive-portal in the VAP's security setting, wh...
One of our FGTs managed by FMG somehow lost connection to the FMG. It
has two internet, wan1 and wan2. But probably when wan1 went down the
FMG changed connection to wan2, then wan2 went down. Currently wan1 is
up and operational, but somehow the cen...
Last night one of FWF60Es' upgrade process for 6.0.10->6.2.7->6.2.9
caused the device to be offline in the first step (judged based on saved
config revisions). Likely the first reboot got stuck and can't come up
with 6.2.7 since the public IP on wan1...
We have many customers who have an IPsec VPN from customer's each
location with an FGT/FWFrouted all internet traffic over the VPN toward
the customers centralized FW VDOM in our core network.We manage some of
larger customer's CPE FGTs/FWFs by our F...
I found a KB for your situation. Did you follow this
instruction?https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-VIP-access-using-GEO-Location/ta-p/206778
As described at the end of this KB, your deny policy is most
likely miss...
So you're saying you have some VIP policies to allow outside parties to
come through the FGT and forwarded to internal servers like Web server,
FTP server, etc.Then the traffic from Russia is actually hitting those
internal servers, right? You need t...
There are two separate policy sets:- Firewall Policy (config firewall
policy)- Local-in Policy (config firewall local-in-policy) Firewall
Policy handles traffic coming in one interface and going out another
interface. Local-in Policy handles traffic ...
That generally means the static route was misconfigured whoever
configured it. You need to judge if you can/should remove it based on
the destination subnet. Toshi
I know where your concerns are coming from. Like old Cisco 8xx series,
there was limitations like 8 vlans, etc. Although I don't see any hard
limit of VLAN interfaces in the maximum value
table:https://docs.fortinet.com/max-value-tableI think, if the...
