Hi We are facing this issue that the FAC is rejecting CSR generated from
our IIS server, and giving this error messageImport has failed: module
'lib' has no attribute 'X509_delete_ext' If I generate the CSR let say
from another OS , linux for example...
Hi What is the difference between:set additional-path-select<#> under
config router bgp andset adv-additional-path <#>under config neighbor
attached screenshot Also, I sow on the other peer this:set
additional-path receiveI disable it by:set addition...
Has anyone faced issue with SCEP in FGT VDOM mode ? I have two
environments where I use SCEPone environment has fortigate and
fortiauthenticator , while the fortigate is not in vdom mode . And I use
there SCEP for auto certificate enrollment and its ...
Hi I'm trying to site to site VPN to be up all the time even when there
is no trafficI went through this KB but didn't
helphttps://kb.fortinet.com/kb/documentLink.do?externalID=12069What
happens here is that our S2S goes down from time to time , if t...
Hello Can someone explain to me differences between setting bfd in BGP
and setting fast-external-failoverNot configuration level, but
operational level?
This is actually an interesting question.On the one hand, why should we
add a "static route" why the local/remote subnets mentioned in the
selectors. On the other hand, it is what it is :)Anyway, In thinking
this through, and by looking at the commen...
Thank you bothI investigated the issue with support, and it was a
misunderstanding of this commandAs i ran two IPSEC VPNs towards the HQ
additional to the main IPVPN line, I was always receiving three routes
if ibgp-multipath is enabled, no matter if...
Hi Ken Thanks for your answer I did some extra research for the first
part of my question regarding 'set additional-path-select' and I think
it is only for calculation bestpath process. And the 'set
adv-additional-path ' is stating for how many bestp...
if you're facing this issue explained in this article:
https://kb.fortinet.com/k....do?externalID=FD49851and still cannot
delete certificate when the certificate is revoked and expired (as
described in the article) then maybe you can try this
out:htt...
I have the same situation were we have FML behind FGT and in FAZ we see
lots of "Deny: DNS error" and "IP connection error" from FML source IP.I
tried deleting the DNS session-helper but that didn't help.And in FML
system events we see: UDP DNS respo...
