We currently run v6.4.10 for our FMG-VM and manage bigger customer's
FortiGates(FGTs) totalling about 600 (soon to be 800+).And one of them
needs one VIP group (two VIPs) at all 500+ locations. We use policy
packages for this customer to standardize ...
I can't easily find this part of FGT-Managed FSW operation in the guid
books or somewhere else. So I decided to post this. I was trying to
figure out how to duplicate Cisco CBS switch's default QoS behaviors
with FSWs and looked like I messed up conf...
I just saw an RSS feed announcing FAC 6.5.0 release. Since other
products around FortiGate has version numbering scheme 6.4, 7.0, 7.2 so
far, it's a little surprise for me to see 6.5.0 as the FAC's new version
number. Then also realize the FAC genera...
The "bandwidth-unit" option described in the KB below (also in CLI
references) doesn't seem to exist at least on FG60E/60E-POE with 6.4.x
while I can see this option on 1000D/1500D we have. Is this limited to
some certain
models?https://community.for...
Not sure if this is because WPA3 SAE's spec is not allowing or making
this combination useless/meaningless. But with our 6.4.10
wireless-controller on a FGT, I don't seem to have an option for
wpa3-sae+captive-portal in the VAP's security setting, wh...
First only thing you need to change on the FortiGate side is 3) and 4)
in the doc since you already have one working.And the error seems to be
on the Azure AD side by the way the enterprise app was created. So
doesn't seem to be anything to do with F...
Not a work around but that's what you needed to do if 128.1.0.0/16 is
configured as a part of network selector in Phase2. No other IPs would
work. If you cut out a chunk of IPs from a LAN subnet and use it for SSL
VPN Client IP range, that's probably...
Again, take a look at the policy allowing the Azure access for the users
over MPLS, MPLS->Azure. Is it NATed? And check IP on "Azure" VPN
interface. To NAT that policy, the IP on Azure int have to be within the
/16. If not, you need to remove the NAT...
Your objective is to set up multiple SSL VPN user groups based on groups
on Azure AD, like Group1, Group2, ... Right?Then you just need to create
different groups under "config user group" with the same SAML server
name but different group-names copi...
In other words, there should be policies to allow other sources
accessing to "Azure" including the remote location's VPN. Check those if
those are NATed as well. If so, likely Azure side has route only back to
that Azure VPN interface IP on this FGT....