Hello, please help me understand this article. I have a WAN interface in
a SDWAN zone which is used for DNAT. And occasionally the policy that
contains the VIP won't get hit and traffic doesn't pass. Now there's
this article explaining how to handle ...
Hello, we need to switch from Dual Stack SSL VPN to v4 only, since we
need SNAT4 on some policies for traffic originating from SSL-VPN. Is it
safe to "set dual-stack-mode disable" or will this remove / invalidate
all existing policies? The current po...
Hello, in the proccess of troubleshooting my Entra SAML DialUp IPsec
tunnel I noticed something weird. While SAML auth via TCP 9443 worked
fine, the handover to the IKE negotiation didn't work. There were no
packets being received by FortiGate referr...
Hi,we use SSL-VPN with FortiClient via Entra ID SAML. We have 3 Entra
groups for accessing SSL-VPN. The IP range for all clients on SSL-VPN is
192.168.15.1 - 192.168.15.254. Strangely, when a clients gets the
assigned the IP 192.168.15.1, FortiClient...
Hi,we have two /29 IP blocks from our ISP. IPs from the first block are
used for SNAT and a few VIPs. There are two default routes, one for each
gateway because both subnets have different gateways. We didn't want
ECMP, so we increased the distance f...
Hello, turns out FortiClient was just doing FortiClient things again and
I had to rebuild the IPsec profile several times (with the same
parameters). Now it's working.
Yes, these users are in the same Entra Group. Maybe this makes it
clearer:Client A, Entra Group 3, 192.168.15.1 > Doesn't workClient B,
Entra Group 3, 192.168.15.1 > WorksClient C, Entra Group 2, 192.168.15.1
> WorksClient A, Entra Group 1, 192.168.1...
