On my Fortigate 300A, I have an FTP server with internal addressing on
an internal interface. I set up a VIP with an external (internet
routable) IP address so that users on the internet can access the
server. The firewall rule specifies only "FTP" ...
As everyone here knows, NETBIOS and other local broadcasts are denied by
default in the Fortigates, and logging shows every single broadcast. How
can this be stopped? I tried to create a rule allowing the broadcasts,
which would then cause them not t...
Our Fortigate blocks sites as it should, but occasionally, we want to
allow a site that would otherwise be blocked. I've found three ways to
allow a blocked site, and I'm wondering which is the "best" way...or
the reasoning you might use behind ea...
We want to filter out certain web sites with our Fortigate, preventing
internal machines from reaching these sites. Must we have outgoing and
incoming rules? It would seem that we would only need outgoing rules.
However, in a typical firewall if you ...
I just noticed the following message on my dashboard's Alert Message
Console: "Fortigate has reached system connection limit for 31 seconds".
It occurred four times, each time with different numbers of seconds,
the most was 66 seconds. What does t...
Here it is. The destination port range is specified on the server. I'm
not sure how default-FTP would do it. Although one is not permitted to
see how that service is defined, is passive factored into it? If so, I
don't have to create this new servi...
Ede, because I AM a woodchopper, I will go over what I did. I created a
custom service, FTP-PASV, delineating the port range allowed by my
server. Then I added a rule in WAN->Internal: source=any
destination=FTPserver (VIP) service=FTP-PASV I think t...
Ede, another question. I already had a rule for internal->external, All
to All, service ANY, with "interface NAT" configured. Until now, it was
the only outgoing rule. Why wouldn't the external user have seen the
external interface's address, rath...