If you’re seeing a 10.x source on FAC Cloud, it means there’s an
intermediate NAT device rewriting the source before it reaches the
internet. FAC Cloud will always display the final source IP it
receives.https://docs.fortinet.com/document/fortigate/7...
You won’t find a full “decode everything” guide for every diagnose
output because it doesn’t exist publicly. The best sources are the
official Fortinet training, community articles, and the CLI Reference,
which explain the most useful diagnose comman...
On Fortinet it’s the same logic as Cisco, just split in two places, and
that’s why it feels confusing at first.- A VLAN on the FortiGate is like
creating a sub-interface on a Cisco router (int g0/0.10 vlan 10).- A
VLAN on the FortiSwitch is like conf...
Blocking Instagram reliably without deep inspection is tough, because
the app shifts between QUIC, HTTPS and multiple CDN endpoints. Without
SSL inspection you can use the Social Media category, but it won’t give
you a 100% block rate.
You don’t assign VLANs directly on the FAPs in FortiLink mode because
all VLANs are created on the FortiGate and automatically propagated down
the FortiLink trunk. For the SSID, use tunnel mode and give that SSID
its own interface and subnet, which k...
