TL;DR - how can I tell the *actual* IPv6 prefix delegated from the
upstream? A customer's 60E is running FortiOS 7, the prefix-hint asks
for a /60 from the WAN1 upstream, but it doesn't seem to be getting that
prefix, but I can't find any place where...
While tracking down some IPv6 issues, I have been unable to find the
meaning of the "flags" field in output from the diagnose ipv6 address
list command. All three of my VLANs worked fine on IPv6, but this
morning one of them wasn't. Huh? Policy ws ri...
Late to this game, but I ran into this tonight.When Fortinet sends the
email with the activation code, it sends it from the user who is also
the recipient, and there are plenty of email systems - including mine
and that of my customer - who reject em...
My customer who has the questionable configuration won't be back until
next week, but I'd be disappointed if FortiGate reported the *actual*
prefix as a "hint", which is what I think you're suggesting. We'll find
out in a day or two.
jfernandz wrote:So what could explain that apparently I'm not able to
reach any host in VLAN 10 from VLAN 20 if NAT is not enabled? On VLAN20,
are all the hosts using interface "internal1" using 172.20.1.1 as their
default gateway? If NAT is enabled ...
[strike]I'm not familiar with the ADC, but using both a Virtual IP
(which does NAT) *and* an IPv4 policy that enables NAT, would do
something like that. Inbound policies should almost never use NAT when
they're hitting a Virtual IP.[/strike] Oh, this...
I suppose if it were me, I'd get into the CLI and run something like:
diagnose sniffer packet any "tcp port 25" 4 and see what's doing this
translation in the Fortigate; maybe it will tell you something? Do you
have a Virtual IP defined anywhere that...