Hello, We recently purchased some Fortigates (based on pre-sales
advice), having a requirement that user authentication on an SSL portal
could be configured to use LDAP AND RADIUS (not OR). i.e. on logon to
the portal, the user needs to enter both LD...
Hello,I have installed a Fortigate (200E, 5.6.4) as an inline IPS (VDOM
running in transparent mode).Now when users attempt to connect to an SSL
device through which the traffic is passing, the certificate is
presented to the user as coming from the ...
Hello,Just wondering if anyone has managed to export Fortigate address
host objects and ip addresses to a text file or csv etc ?What I am
really trying to achieve is to identify any inconsistencies in the
address objects where either the host no long...
Hello, Our client has acquired a Fortimanager 200D to provide some
redundancy for an existing 400A. Given that these two units can' t be
clustered (different models), has anyone had experience with maintaining
configuration databases between differen...
Have a problem, one of our admins entered wrong login password, now we
get the " Too many bad login attempts... try again in a few minutes"
message. Trouble is, it' s been like this for three weeks. We have other
ways of remote access but our primary...
Many thanks Tomas, Yes the chained authentication is just what I need
(as it was in the original design).Unfortunately the authentication
servers cannot be separated as the LDAP servers are local to the
country, and will determine which portal the us...
Hello,We recently purchased some Fortigates (based on pre-sales advice),
having a requirement that user authentication on an SSL portal could be
configured to use LDAP AND RADIUS (not OR). i.e. on logon to the portal,
the user needs to enter both LDA...
Found my issue, apparently is a bug in 5.6.4.Default
"certificate-inspection" profile when creating a transparent mode VDOM
is "Full Inspection", not "Certificate Inspection". Was not looking
closely enough :(
Thanks Somu,Certainly that is the starting point. What I am aiming to do
is extract the host objects (i.e. address object with type "ipmask" and
mask "255.255.255.255") and further process just these. So I'll need
some scripting to do that. Regards,
