On Fortinet it’s the same logic as Cisco, just split in two places, and
that’s why it feels confusing at first.
- A VLAN on the FortiGate is like creating a sub-interface on a Cisco
  router (int g0/0.10 vlan 10).
- A VLAN on the FortiSwitch is like conf...
Blocking Instagram reliably without deep inspection is tough, because
the app shifts between QUIC, HTTPS and multiple CDN endpoints. Without
SSL inspection you can use the Social Media category, but it won’t give
you a 100% block rate.
You don’t assign VLANs directly on the FAPs in FortiLink mode because
all VLANs are created on the FortiGate and automatically propagated down
the FortiLink trunk. For the SSID, use tunnel mode and give that SSID
its own interface and subnet, which k...
You can absolutely do this, but those VMs need a path that doesn’t
traverse the FortiGate at all. The simplest method is to create a
dedicated VLAN/vSwitch in vSphere that uplinks to a router or switch
offering direct internet access, instead of an i...
I’ve seen similar behaviour when using FortiNAC with OpenLDAP behind
Juniper EX switches: the TLS/EAP flow completes, but the bind to LDAP
fails silently because the identity format doesn’t match what the
directory expects. Make sure the username for...