Hello all. I'm experiencing some difficulties with using Web Filtering
and SSL Inspection. My test policy has blocked the usual culprits
(social media, gambling, porn, etc.) and I have a test machine and user
going to the Internet via the policy. Thi...
Hello all. I've enabled an Automation stitch to email me whenever any
other admin signs into the FGT (6.2.1) and makes any changes. Those
emails look like this: FGT[FGxxxxxxxxxxxxxx] Automation
Stitch:Config-Change is triggered.date=2020-06-29 time=0...
Hello all. A lot of remote access IPsec clients see random phase2 down
messages. I was wondering how do i go about getting to the root cause of
each phase2 down instance? I'd like to know if it was just due to DPD
deciding FGT can't see the client fo...
Hello all. Web filtering with Full SSL Inspection, we've deployed the FW
default certificate to end user PCs and for the most part inspection
runs without a hitch. Sometimes however we get a cert error like the one
I've attached (I was testing to mak...
Thank you for this. We ended up breaking another HA of two 301E units
and using one of those as the test unit. It'd have been easier to do the
501E production one but higher ups wanted to be cautious, which I agree
with. So now the 301E is humming al...
Thank you for this great reply, ede. I hadn't considered patching and
upgrading as separate processes but you're absolutely right. After I
reviewed 6.4.6's release notes, there aren't many features that would
justify an upgrade for now. Our biggest u...
Run netstat on the machine you're trying to connect to, confirm that TCP
3389 is listening. Once that's confirmed, you can run diag sniffer
packet any 'port 3389' 4 at your FGT's CLI to capture packets as
suggested by lobstercreed. That should help y...
toshiesumi wrote:If your network tolerate longer downtime, you could
isolate the backup in case the upgrade is not one step like your case.
If one step, it's easy to swap the boot partition back if something goes
wrong.But eventually you need to figu...