FortiGate Central SNAT cannot translate “Any” source port to one fixed
TCP port. It only uses dynamic port allocation (PAT). To control ports,
you’d need policy-based NAT, and even then fixed source ports are very
limited and not recommended.

Hi — frequent disconnections with FortiClient 7.4 IPsec VPN are often
caused by IKE or dead peer detection (DPD) timers being too short, or
NAT/keepalive issues. Try the following: Increase the IKE SA and DPD
timers on both VPN servers. Enable VPN keep...

You can’t add a WiFi SSID directly to an SD-WAN zone — only routed
interfaces can be SD-WAN members. Your SSID (wqtn.30.wifi) sits inside
the software switch, so SD-WAN never sees it as a WAN interface. To fix
it, you must break the SSID out of the swi...

Verify OSPF Database
Check the LSDB (Link-State Database) on FGT2 to see
how the /30 route is advertised in each area:
get router info ospf database
Look for the Type-1 LSAs (Router LSAs) and Type-3 LSAs (Summary
LSAs). Confirm which area is advertising ...

The local-only device upgrade affects only that specific device. The
secondary-only upgrade updates secondary devices, leaving the primary
FortiGate unchanged. Understanding this helps prevent accidental
upgrades on critical units.