We have some FortiAP's set up with our FortiGate, and a few SSID's
assigned around. The last SSID to be created is for guests. One of the
things that I enjoy about Cisco Meraki access points is the ability to
require guests to get permission from an ...
We have a pair of FortiGates in an active/passive cluster, and have
created a secondary VLAN Interface for VoIP traffic.We have Netgear
switches with Auto-VoIP-VLAN enabled. This works by matching MAC
prefixes. It appears that FortiGates do not allow...
New FortiGate admin here. We have two internet connections. I'm looking
to shape traffic so specific connections prefer WAN2, while everything
else prefers WAN1. Criteria would need to include connections to outside
servers (both ingress and egress) ...
New Fortinet admin here. I'm looking to configure the built-in DHCP
server to push an alternate VLAN & Subnet based on MAC address. This
would be used for VoIP phones. For example, the DHCP server would hand
out 10.0.0.2 on VLAN 0 to the first non-Vo...
New FortiGate admin here. I'm looking to enable web-admin on the WAN
ports, but only allow access from specific IP addresses. I've created
the address objects, but am not seeing how to configure a firewall
policy. There would (obviously) be no outgoi...
@Atul_S The HA'd VLAN Switch interface has its own MAC address, which is
not based upon the underlying interface(s). I could still alter the
underlying physical ports' MAC addresses, but doing so would have no
impact on the switch, as it doesn't "see...
Just a quick follow-up that we went with Auto-VoIP-VLAN on our switches,
and created a separate LAN (VLAN Interface) on the FortiGate side of
things. It works, but has introduced another conundrum. Separate post on
that here:
https://community.fortin...
SD-WAN looked like it would do the trick, but would also be quite a bit
more setup work and quite a bit of over-kill. I wound up going with
Static Routes to set WAN1 as the general-preference and WAN2 for
failover, and then doing very simple Policy R...
Local policies look powerful. But, I went with something a little
simpler: a Virtual IP + Firewall Policy. The virtual IP forwards the
webui port through to the firewall's internal address, and the firewall
policy controls who has access.