Hello! We have a setup where we have 2 WAN links and 2 IPSec links (each
tunnel on each wan link) connecting our small offices do DC. On offices,
we already have SD-WAN for WAN links and for the traffic through the
tunnels we are still using main and...
I'm using the monitor/firewall/policy api to find the non-used policies
for a while. The thing is that I couldn't figure what is the format of
the information listed on the result. For example, when was the
last_used time for the following policy?The...
Hi! I would like to know from you guys if there is a best-practice rule
in terms of the IPS action? I am wondering if it is better to only block
(and have all those signatures processed daily by the IPS engine) or
quarantine the source IP for, i don'...
Hi All! I'm testing security fabric and I'm having some trouble to get
it working. I have set up my core and a branch FGs to work with security
fabric, through an IPSec tunnel. The interfaces are configured as many
documentations on the web and I see...
Does someone have any news about this issue? I'm trying to automatize
the configuration of my Forticlients via fcconfig, but there is no way
to get it working properly, simply because it seems that the parameter
-o importvpn does not work at all. If ...
Yurisk wrote:For DNS filtering to work, Fortigate has to see both -
query for the DNS record, and answer to it. Which way and who does it is
not of interest to Fortigate. If client in LAN queries internal DC as
DNS, which in turn goes to ISP/Google D...
TechSupport4415 wrote:That could maybe do... but, are we loosing the DNS
filtering capabilities of the Fortigate unit, if we configure it this
way? Or, is DNS filtering / blocking implemented elsewhere, and the FGT
does not need to forward all DNS tr...
Hi, Ken! Would you mind to tell me what unit did you use to do the time
conversion? I am not being able to match the correct date in
miliseconds, seconds or ticks.I cannot figure out what that number in
the output means. [TimeSpan]::FromTicks(1618340...
Hey, Ken! Glad to "meet" you, since I have been in your blog for some
times. :) It ir really a good idea to catch these informations by SNMP.
I'm now wondering about putting that information on my Zabbix and then
let it warn me when a policy reaches ...