Fortinet Community

Andre_Backs · 07-06-2017

Hi all,I'm testing different setups wit IPsec Tunnels on a Fortigate 200D.The first tunnel I made is: edit "p1-edam" set type dynamic set interface "wan1" set peertype one set proposal aes256-md5 set dpd disable set dhgrp 2 set nattraversal disable s...

Andre_Backs · 02-16-2017

Hello learned people, please consider this Scenario:On a Fortigate 200D OS v5.4.1 I need to source NAT multiple subnets into one subnet before going into a IPSec tunnel.e.g. 10.87.1.0/24, 10.92.22.0/24, 10.100.5.0/24 (up to some 70 subnets) need to g...

Andre_Backs · 06-09-2016

Hello my learned friends,I have a question: is it possible on a Fortigate 200D to set up an IPSec tunnel as a responder only?As an initiator it seems to go about trying to make a connection so aggressively that it sometimes overwhelmes the responding...

Andre_Backs · 05-13-2016

Hi all,I have a perfectly normal IPsec tunnel that normaly works fine.However, once in a while the connection gets lost and the Fortigate goes crazy.Debug shows thousands of quickmode requests.Here is a piece of debug after I flushed the tunnel on CL...

Andre_Backs · 12-31-2014

Hello all.Happy New Year and all the best wishes for 2015. I have a question about restricting admin access to the Fortigate.I run a Fortigate 200D version 5.0 patch 7 and need to set up an admin profile so that our servicedesk people have readonly a...

Andre_Backs · 07-11-2017

Ede,it looks you might be right here.But I also learned that the IKE mode should be set to Aggressive in order to get the authentication right.In any case, I switched back to IKE mode Main and use Static IP Address for the tunnels I needed to set up....

Andre_Backs · 06-10-2016

> You can set it as a dialup ( no defined peer ). That will get you as a responder function. Oew, that was scary I created a single P1 with no P2's and for a moment it seemd that my internet went down as well as most of the IPsec tunnels.Better not t...

Andre_Backs · 05-19-2016

Hi Ken,i totaly agree with you that phase2 is down, but my concern is that when phase1 goes down (or appears to be up when it is not) the phase2 floods the system with attempts to connect.And when the p2 request is on the queue: where can I find (the...

Andre_Backs · 05-17-2016

Hello Ken,The remote site is a Cisco RV078 or something similar or an AXA5505 (I am not sure since I do not administer this device. But it is a Cisco for sure)The ForitOS is v5.0,build3608 (GA Patch 7)I had DPD enabled and also tried it with disabled...

Andre_Backs · 05-24-2014

Hi Gerry, I could be mistaking but I think your WAN Settings put that addres on the subnet boundary i.e. the subnet address. Have you tried to put it on x.x.x.89 / 29 ? to see what it does ?

Fortinet Community

User Statistics

User Activity

ipsec for dialup IP binding ?

a (source) NAT question

IPSec as responder only?

IPSec SA connect gone crazy

restricted admin access question

Re: ipsec for dialup IP binding ?

Re: IPSec as responder only?

Re: IPSec SA connect gone crazy

Re: IPSec SA connect gone crazy

RE: VIP Issue

News & Articles

Security Research

Company

Contact Us