We are using IPsec over a Metro Ethernet connection. This connection
provides no Internet service, only service to HQ. The goal is to send
all traffic across the tunnel. Now I've found a solution but I don't
know why it works... One default route is ...
Hey, how will counters that result in blocking actions be created in the
end? Is source/destination the filter that defines which connections
will be considered for blocking at all, and from those it will keep a
list by (srcip,dstip,service) to block?...
Say I'd like to deploy dozens of small appliances; the only use case is
VPN. Do I need to buy support for each of the endpoints? My thinking is:
* When there is a problem, I reproduce it on a box with a subscription.
* It's way cheaper in the long run to buy a f...
Hi, currently running FOS 5.4 on a 100D using A-P HA, I'd like to find
out and document the EXACT differences and compatibility between the
following features concerning HA/clustering and dedicated management.
Unfortunately, asking support about thing...
Hey all, since FortiOS 5.4 we notice ever-changing hashes for "set
priv-pwd ENC", "set auth-pwd ENC" etc. (SNMPv3) and also for "set
password ENC" commands in the configuration. Why is that? This makes the
revision control of the config files kind of ...
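As an added illustration of the revision-control problem described in the post above (this is example code, not part of the original thread and not a Fortinet tool): a small Python normalizer that treats every "set ... ENC <value>" blob as opaque and replaces it with a fixed placeholder before two config exports are compared, so that diffs only show real changes. The sample exports are constructed here; the set of keywords that carry ENC values (priv-pwd, auth-pwd, password, ...) is an assumption based on the commands quoted in the post.

```python
import re

# Matches a FortiOS CLI line of the form "set <keyword> ENC <ciphertext>".
# Assumption: the encrypted value is a single whitespace-free token at the
# end of the line, as in the "set password ENC ..." lines quoted in the post.
ENC_LINE = re.compile(
    r'^(?P<prefix>\s*set\s+[\w-]+\s+ENC\s+)(?P<blob>\S+)\s*$',
    re.MULTILINE,
)


def normalize_config(text: str, placeholder: str = "<ENC>") -> str:
    """Replace every encrypted secret blob with a fixed placeholder.

    Two exports of an unchanged configuration then compare equal even
    though FortiOS re-encrypts the secrets with a different result each time.
    """
    return ENC_LINE.sub(lambda m: m.group("prefix") + placeholder, text)


def count_masked(text: str) -> int:
    """Number of ENC lines that would be masked (useful as a sanity check)."""
    return len(ENC_LINE.findall(text))


def config_changed(old: str, new: str) -> bool:
    """True if the two exports differ in anything other than ENC blobs."""
    return normalize_config(old) != normalize_config(new)


# Constructed sample export; the ENC values are placeholders, not real output.
EXPORT_A = """\
config system snmp user
    edit "monitor"
        set security-level auth-priv
        set auth-pwd ENC AbCd0123==
        set priv-pwd ENC EfGh4567==
    next
end
config system admin
    edit "admin"
        set password ENC XyZ789abc
    next
end
"""

# Same configuration exported again: only the ENC blobs differ.
EXPORT_B = (EXPORT_A
            .replace("AbCd0123==", "Qr9Tu8Vw==")
            .replace("EfGh4567==", "Lm1No2Pq==")
            .replace("XyZ789abc", "Mnb543Zxc"))

# A genuine change: the SNMP security level was weakened.
EXPORT_C = EXPORT_B.replace("auth-priv", "auth-no-priv")


if __name__ == "__main__":
    print(normalize_config(EXPORT_A))
    print("A vs B changed:", config_changed(EXPORT_A, EXPORT_B))
    print("A vs C changed:", config_changed(EXPORT_A, EXPORT_C))
```

Caveat for anyone using this as a pre-commit filter: masking the blob also hides a genuine password or PSK change, so if you need to know *that* a secret was rotated (without recording the secret itself), keep a separate out-of-band record of rotations rather than relying on the normalized diff.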
james_h wrote: - Disable the default gw being received from DHCP. Add a
static route to the tunnel IP you are connecting to so your tunnel can
come up, and then add the default to the tunnel. Concerning alternative
1: That wouldn't work when the remote IP is...
I'd like to summarize my findings for anyone trying to accomplish this
in the future. Apparently the requirement of having a default route
across the tunnel is not a common thing... Requirements: * WAN1 using
DHCP * Tunnel setup using (D)DNS * all tr...
You do not understand what I write. Or I do not understand what I
write. There is (at least) another firewall between both Fortigates. The
one in front of the local Fortigate does NOT forward IPsec ports. As
such, the HQ FGT cannot start IPsec communication.
I don't think it's possible for HQ to bring up the tunnel in this case,
since there is another firewall at the branch side which doesn't forward
(4)500 to the Fortigate. Ports (4)500 are only forwarded on the HQ side
to the HQ Fortigate. And in fact the HQ address is...
Sorry for being late to the show... What if you have a default route
through the tunnel and the underlying connection (internet) also uses a
default route in order to establish basic IP connectivity? You can't add
another default blackhole route with...