I saw some conversation about stopping auto-upgrade on FGTs before after
7.2.8. And, we're doing it manually for those FGTs that are NOT managed
by FMG. Then when we tried the same for those managed by FMG, the change
was rejected because it's manage...
This version of FMG was released last week and now CVE-2024-47575 is
released as well.https://www.fortiguard.com/psirt/FG-IR-24-423However,
the release notes doesn't have anything in the resolved issue section.
Does this actually have the vulnerabili...
A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
So, the default route is going into the tunnel. And if you ping 8.8.8.8
without specifying the source it looks for an IP configured on the IPsec
tunnel interface for the source IP. If you haven't configured the tunnel
interface IP, it would pick othe...
One last question for the Entra ID setting, @GeorgeZhong Would you
expect this "assertion + responses" signing option breaks SAML with
7.2.11 and older versions? If so we need to separate the Enterprise apps
if we have multiple FGTs in mix of <=7.2.1...
What's in "exe traceroute 8.8.8.8"? Does it show any hops?Also share us
"get router info routing-t all" for the first part that include default
routes (0.0.0.0/0) at the remote-site1.Toshi
As in the KB @GeorgeZhong referred to, 40% means it could be a TLS or
certificate issue. But did you check "diag debug config-error-log read"
when you upgraded to 7.2.12? It might have lost something during the
config conversion. Or if you're using d...
By the way the community is a transitive metric in BGP domain. So the
BGP neighbor (regardless it's another FGT or other vendor routers) who
receives those routes advertised from the local FGT would see the
community:1 as well in case that router nee...