Hi. Could you please share topology and configuration files ?For now I
see one issue that is not resolved - asynchronous paths with iBGP. To
fix it I've used route-map on each spoke with "set set-ip-nexthop" for
each peering IP address.Interested - h...
So it seems to be a root cause. With deep inspection enabled FG should
be able to block mentioned extensions.If you enable it - it will not
block traffic itself, but you need to prepare your end users to this.
Take a look on this:
https://cookbook.fo...
Hi. The very possible reason is that by default BGP doesn't advertise
routes if they are not in routing table. You may check it by #get router
info routing-table all For your case you should have specific route for
10.10.10.10/32 and then it will be ...
Hi.To block this you may simply create Application Control profile with
these apps blocked (or "Proxy" category at all) and apply it on your
lan-to-wan firewall policy. Fortinet already has signatures for these
applications.https://fortiguard.com/app...
