Hi, we started getting packet loss through one interface of our 601E,
SSH sessions on the far side of the fortigate are very slow and lagging,
pinging to those ssh hosts results in around 5-20% packet loss, pinging
from either side of the fortigate t...
Hi we have a firewall cluster in another country with an IPSEC VPN back
to our local termination point. We can access the primary firewall using
its LAN interface, but we need to be able to access the secondary
firewall directly aswell (for snmp moni...
Hello, Can someone confirm if we build a new VM in Azure, and choose
BYOL, can we then use a license from our existing FortiFlex licensing?
Or can it only be a traditional license?
So using fgm logs and faz they both show me the same results. for some
tcp session we can see number of packets sent and received is 0, along
with data transferred 0, this makes sense, tcp handshake probably
doesn't complete (or does complete then re...
Hi when we build new VM02 firewalls and allocate 2 cpu's in vcenter,
after applying the license the dashboard shows: Allocated vCPUs 1/2 50%
It seems to indicate it has 2 CPU but only one is in use, do we need to
do anything further?
Hi there is no loop, pinging devices in the same subnet of that
interface results in loss also. It is a cluster, we have rebooted both
members, both members have the same packet loss. HA is in sync. What I
mean was, traffic traversing the fgt gets pa...
It's a fair question but the other answer is correct, phase 2 selectors
are negotiated and it depends on the other end vendor, Check Point for
example will also pick the largest mask size so Selector 1 and 2 would
never establish in the first place (...
Your mail server must currently have a rule allowing it out to the
Internet on port 25 (among other ports potentially). Just add a schedule
to that rule. ie 05:01-00:59 its enabled.
thanks for the reply, these are actually VM's in Azure, the theory would
still work using a shared vlan, unfortunately they don't trust us
network folk in the backend of Azure :( I suspect using a layer 3
capable switch could make it work aswell, put...
How random are the random macs? if the first few octets remain the same
you can use a wildcard match in the mac address field. Usually first 6
digits are the vendor code that may not change even when randomising.
Sounds like the problem could be solv...
