Re: LACP Aggregate Port Issue – Mismatch actor key

dingjerry_FTNT · 07-22-2025

Description This article describes how to detect HTTPS-in-HTTP traffic on FortiProxy. Scope FortiProxy v7.0.7 or above. Solution Before v7.0.7, it was not possible to detect HTTPS-in-HTTP traffic. In an explicit web proxy, if the 'detect-https-in-htt...

dingjerry_FTNT · 07-20-2025

Description This article describes one reason why FortiManager is showing all 0s for the Hit Count in the Policy Package. Scope FortiManager. Solution FortiGate shows real numbers for the Hit Count in the firewall policies. However, in some cases, th...

dingjerry_FTNT · 05-18-2025

Description This article explains the log rate/log insert speed info in some FortiAnalyzer CLI commands. Scope FortiAnalyzer. Solution In some outputs of some FortiAnalyzer CLI commands, there is such log rate info: diagnose fortilogd lograte last 5 ...

dingjerry_FTNT · 02-14-2025

Description This article describes the requirements of a Server Certificate in an SSL Inspection profile while selecting 'Protecting SSL Server'. Scope FortiGate. Solution When creating or editing an SSL Inspection profile, and selecting 'Protecting ...

dingjerry_FTNT · 02-14-2025

Description This article describes one scenario (GRE + IPSec) that is unsupported for NP7 offloading. Scope FortiGate. Solution NP7 offloading supports the GRE tunnel, including terminating on FortiGate or passing through FortiGate.NP7 offloading sup...

dingjerry_FTNT · 09-08-2025

Hi @mulbzh , Technically, no difference, it's all up to you. As @Toshi_Esumi explained, being a management VDOM, the most important thing is to have an Internet connection in it to communicate with the FortiGuard servers for all services, including L...

dingjerry_FTNT · 08-18-2025

Hi @DecGest , If you did not have any UTM profile applied in the firewall policy, do not try to add Web Filter or DNS Filter profile to fix the issue. According to the log message you provided, it is "TCP Reset from server", it is the server resettin...

dingjerry_FTNT · 08-15-2025

Hi @PaulWT , For Dialup IPSec VPN, the user authentication is done in Phase 1. So I don't think that you can split the users for traffic control if using one dial-up IPSec VPN. A workaround is to use multiple dial-up IPSec VPN tunnels with different ...

dingjerry_FTNT · 08-14-2025

Hi @WQ , Is it possible to provide us with the web proxy and SSL Inspection profile configurations? As well as the web filter profile, please.

dingjerry_FTNT · 08-14-2025

Hi @WQ, What is your FGT firmware version? Do you apply any settings as below in any firewall policy for HTTP/HTTPS traffic? 1) Web Proxy / SSL Inspection 2) Web Filtering / Safe Search Enforcement Or do you have any other Fortinet products, such as ...

User Statistics

User Activity

Technical Tip: How to detect HTTPS-in-HTTP trafficon FortiProxy

Troubleshooting Tip: FortiManager showing all 0s for Hit Count in Policy Package

Technical Tip: Explanations about log rate/log insert speed info in some FortiAnalyzer CLI commands

Technical TIP: Requirements of Server Certificate in SSL Inspection profile

Technical Tip: GRE + IPSec not supported for NP7 offloading

Re: Choose management Vdom

Re: Problem accessing website

Re: IPSec VPN to different internal interfaces

Re: will the fortigate firewall affect the browser language?

Re: will the fortigate firewall affect the browser language?

Re: LACP Aggregate Port Issue – Mismatch actor key

Re: LACP Aggregate Port Issue – Mismatch actor key

Re: Fortigate-50G unable to be properly managed by...

Re: Fortigate 200G active/passive licence

Re: Creation of Custom VSA

Re: FortiOS version recommendations for new Fortig...

Re: Fortigate 40F Netflow Config Error

Re: Reachability Issue Between Head Office and Bra...

Re: Fortigate 71G

Re: block vip admin page

KCS

Fortinet Training Institute

User Statistics

User Activity

You are leaving our website