Re: VDOM setup or FortiManager setup

IrbkOrrum · 03-27-2025

I'm trying to lock down some of my web rules. The issue is many of the server owners don't understand what web access they "need" so I resort to turning on full logging. I put a more restrictive rule above the less restrictive rule, and check the log...

IrbkOrrum · 03-13-2025

We already have a FortiNet in place with "outbound" policies pointing to WAN1 because we were going to use an ISP aggregator in front of the FortiNet. Now things have changed and management no longer wants to use the ISP aggregator and use the built ...

IrbkOrrum · 03-10-2025

Short version of the story, I've got an external SDWAN provider but traffic through the SDWAN provider is doubling my ping latency. The provider says it's a routing issue that's outside of their control and they've submitted a ticket but if or when t...

IrbkOrrum · 03-04-2025

I'm following the directions found herehttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-iCloud-Private-Relay-from-bypassing/ta-p/228629Which are supposed to allow you to block the iCloud private relay but in a somewhat graceful ...

IrbkOrrum · 02-27-2025

Many moons ago, when I was first learning FortiGate firewalls, I was taught to use the VPN IPsec Wizard to create the initial VPN but then convert the tunnel from a "Site to Site - FortiGate" tunnel to a "Custom Tunnel". At the time I wasn't doing ma...

IrbkOrrum · 03-28-2025

Ok, I've created a duplicate of my web filtering policy but set everything that was 'allow' to 'monitor'. I'll see what happens. Thanks!

IrbkOrrum · 03-27-2025

Oh, I'd not thought of that. Where does that end up in logs? Is that under a specific location or does it still end up under the "show matching logs" when you right click on a rule?

IrbkOrrum · 03-27-2025

Unfortunately, I'm no longer on site at that location and able to test.

IrbkOrrum · 03-27-2025

I ended up not needing to do what I thought I would, however your suggestion is very helpful because you can't have a SDWAN default gateway and a default gateway. I would have to change the default gateway to be a specific static route to my remote I...

IrbkOrrum · 03-10-2025

This is NOT fortinet SDWAN.  This is an external provider.

User Statistics

User Activity

Originally accessed website in logs

Create SDWAN after the fact

Monitoring from FortiGate

Issue with gracefully blocking iCloud Private Relay

"Custom" tunnel vs "Site to Site - FortiGate"

Re: Originally accessed website in logs

Re: Originally accessed website in logs

Re: Issue with gracefully blocking iCloud Private Relay

Re: Create SDWAN after the fact

Re: Monitoring from FortiGate

Re: VDOM setup or FortiManager setup

VDOM setup or FortiManager setup

Re: Remote Access IPSec VPN to sub-VDOM

User Statistics

User Activity

You are leaving our website