A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
When we configure this SSL VPN MAC address filtering, what system limit
would dictate the max number of MAC addresses we can configure on an FGT
(no
vdom/muti-vdom)?https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VP...
Please let me make sure the order a FGT examine policies.If there is a
specific policy from a specific interface like "lan" to another specific
interface like "wan1" with "any" source and "any" destination, it would
be examined before another policy ...
It might take a day depending on how busy the CS team is. But if you can
open a case prior to when you need to get them transferred, you can ask
them when to transfer. I did this recently to transfer FortiTokenMobile
licenses to another FGT.Toshi
Are you saying you changed the either HTTPS or SSH admin access port to
6712 like below: config system global set admin-sport 6712 set
admin-ssh-port 6712 endthen, trying to access the destination FGT?But as
the flow debug is showing, the destinatio...
First, 172.47.7.1 is one of this destination FGT's interfaces. msg=
"find a route: flag=80000000 gw-172.47.7.1 via root"What is your app, or
are you, trying to establish at TCP port 6712? I don't think that's not
one of FGT's listening ports.Then, th...
Regardless active-passive or active-active, most of config on both units
has to be identical, or the secondary syncs with the primary config. You
can not have different config on wan interface between two units.What
you need to do is to have a vlan s...
The source port 19313 is the app's 3rd attempt after 19311 and 19312.
But at least the first 19311 attempt should have gone out through wan2
without an offload attempt. But it didn't get any reply back (SYN/ACK)
from the destination. What filter did ...