Re: FortiNAC deployment

AEK · 12-24-2024

Hello FML admins FortiMail 7.6.1. We have an issue with one remote mail server of "somedomain.com". The issue is more about TLS than SMTP. When we send an e-mail to that domain they receive successfully.However when they send us an e-mail from the sa...

AEK · 12-24-2024

Hi security adminsUsually when I integrate FML or FWB, I don't use IPS profile (or any other security profile) in the FGT firewall rule that forwards SMTP traffic to FML and HTTPS traffic to FWB.In my understanding, using security profiles at FGT lev...

AEK · 12-15-2024

Hi FGT adminsI have one FGT 101F with FOS 7.2.10.I found the following config error.FGT # get system startup-error-log >>> "set" "gui-endpoint-control-advanced" "enable" @ root.system.settings:command parse error (error -61)The error is "probably" du...

AEK · 12-10-2024

Hello FAC adminsI'm working on FAC 6.6.2.I noticed that FAC's local LDAP can be used only for local user DB.So far I mainly used it as RADIUS server (Corp LDAP as back-end) in order to add MFA.But now following our new requirement I didn't find a way...

AEK · 12-08-2024

Hi EMS/FGT adminsWhen creating ZTNA proxy rule (in Policy & Object > Proxy Policy) for clients that are off-fabric, is there anything valid that we can put in "Source" field other than "all"?Trying to put the public source address of the client, or e...

AEK · 01-04-2025

Here are some steps I suggest for troubleshooting.Make sure time is synchronized between the two firewalls (for correct log aggregation)Make sure rekeying time is the same on both firewallsEnable timestamp in FGT IKE debug logs so you can aggregate e...

AEK · 01-04-2025

Hi DamianYou can create a policy to deny traffic going to ISDB "IP Reputation Database"FortiGate can't know what is installed on your computer, but can guess (by traffic signature) which application is sending the traffic from the comuter. You can us...

AEK · 01-04-2025

Probably some related traffic is denied on the FortiGate.I don't know the services that should be opened on the FortiGate so you can search the PCs, but you can have a look in the FGT's traffic log to see which traffic is blocked when you try to sear...

AEK · 01-04-2025

Thanks for the information. You can mark it as solution.

AEK · 01-04-2025

Hi DoncaI'd say the image you downloaded may not be suitable for Proxmox, even if it is for KVM.Because it seams virsh and sudo are not available on Proxmox hypervisor (I don't know well Proxmox but that's what I understand from your error messages)....

User Statistics

User Activity

FortiMail sslv3 alert unexpected message

Using IPS in FGT for FML and FWB traffic

How to fix startup-error-log without restore

FortiAuthenticator as intermediate LDAP for Corp LDAP

Source address in ZTNA proxy policy

Re: Unstable IPSec tunnel between Fortigate and OpnSense

Re: Fortigate - Some security questions

Re: Network Discovery-Fortigate 100F

Re: Fortiauthenticatior - export / import from VMware to KVM

Re: FortiNAC-F deploy on KVM

Re: FortiNAC deployment

Re: FSSO - Authorization issue

Re: FortiGate does not send Two-Factor activation ...

Re: What da heck is going on with Version 7.4.4

Re: Layer3 Fortiswitch

Re: Fortiauthenticator, alert when fortisms licens...

Re: FortiMail disclaimer message

Re: Integration of FortiGate, Huawei NAC, and Fort...

Re: ZTNA tag for internal traffic filtering

Re: FSSO - Authorization issue

Super User