Our ForitClient installations (v6.0.10) are all controlled by EMS
(v6.0.8). Multiple end-users successfully use FortiClient IPSec VPN for
remote work from homes. So IPsec VPN tunnel both on FortiGate end and on
FortiClient EMS side proved to be confi...
We have WiFi networks with WPA2 Enterprise security successfully working
in our environment. After recent firmware upgrade from v.5.2.3 to
v.5.2.5 on all our FortiGate and FortiWifi boxes, old computers with
Windows XP on them cannot connect to the w...
I activated "Detect and Identify Devices" feature on some FortiGate
interfaces, and then customized some devices detected on those
interfaces for identification and adding to Customs Device Groups
purposes . But now I can't delete those customized de...
Many network interfaces on my FG unit (FG-500D) are in use. I have no
problem creating multiple firewall policies between hardwired
interfaces, but could only create a single policy between a WiFi
interface and any of wired ones. Every attempt to add...
When I look through datasheets of new FortiGate units I see that they
(except low models) have a Management Port, and some have even 2 (i.e.
FG-300D, FG-500D,...). I have few questions re. those management ports.
1. Why someone needs to dedicate a po...
Never mind. Reboot of ISP's router solved the problem immediately . What
was unusual however, except IPsec VPN all other network traffic was
passing the router without any issues. That's why I excluded it from my
troubleshooting efforts. Spent have a...
Bromont wrote:Vic, turns out the root cause of your issue is that the
RC4 cipher was removed in 5.2.5 Whether Fortinet is going to fix it (I
mean putting RC4 cipher back into next maintenance release) or not -
that is not so critical now (at least fo...
localhost wrote:the certificate will still be used to create an
encrypted channel to exchange the authentication information. I think
this answer put a final dot to the conversation. Thank you localhost and
all for the input.
emnoc wrote:If this ( your new problem ) is just a new SHA256 cert, why
can't that be changed? And why hasn't TAC suggested it? That's a good
question. This is an "iteration" of my own question I can't get answer
to from anyone: "Why we can't disable...
Bromont wrote:Ok Vic, I didn't suggest removing username/password
authentication, I suggested removing the mac authentication during
troubleshooting. You had this suggestion already, and I did respond to
it early in the thread. Yes, for troubleshooti...
