Hello, Looking for a way to track Global Object usage in a multi-VDOM
enviroment and be alerted when about to hit limit. For example, know
when I am about to configure 5000 firewall-addresses. For
reference:(resource-limits) # get session : 0 ipsec-p...
Hello Everyone, Recently I've been researching on devloping an IPS
signature that could log TCP retransmission. This would be used in
correlation with times when link saturation is occuring. Just would like
some input from the community if anyone has...
I have a two unit HA cluster (override disable). Working with Remote
link failover.
http://docs.fortinet.com/uploaded/files/2177/fortigate-ha-526.pdf(page
243) I am able to successfully fail the cluster over when ever I break
the Link-Monitor. But on...
Hello every one. I believe i found a bug. so setting up a site to site
IPSEC VPN between 100D 5.2.1 and 60D 5.2.0.When I tried using the below
DH groups for the phase1 the devices kept giving me some weird errors..
DH Group 19: 256-bit random ECP Gro...
My company is a MSP and working on deploying the FPC. I have a general
question to the Fortinet Community. I was wondering if anyone has any
experience on rolling this enviroment out and supporting it. if so, do
you have any pointers or tips? Thanks ...
Ok so to answer my own post, after testing with different HA settings
(config sys ha) it wasn't untill I enabled: 'set
pingserver-slave-force-reset enable' and then the cluster work as
expected. Once the Link-monitor failed, cluster would failover to...
I know this is solved but here is a handy trick for the lab. while you
are testing only, a useful command to force a unit to become the Master
is: 'diagnose sys ha set-as-master enable' (page 43) this command is
only to be used in a lab environment.
...
Hey Bart,No problem. Could you post the Fortigate CLI diag flow output
of that ping test? After taking a look at your topology, I have a couple
of theories: 1. Your HP Switch is not tagging, or tagging wrong VLAN
associated with the 192.168.5.x subne...
Hey Sceda, Could you run the below debugs in the Fortigates CLI while
trying to ping 8.8.8.8? diag debug reset diag debug enable diag debug
flow show console enable diag debug flow filter addr 192.168.5.x diag
debug flow trace start 200 and when fins...
