I used the following VIP config to perform a PAT (without NAT) on 5.x;
edit "vip-10.1.2.1-tcp2022"
    set src-filter "172.17.2.1" "172.18.1.14"
    set extip 10.1.2.1
    set extintf "any"
    set arp-reply disable
    set portforward enable
    set mappedip "10.1.2.1"
    set ...

Hi All, As I start upgrading Fortigates, I'll be in an interim
configuration where some of the firewalls are on 5.6, but the ADOM is
still on 5.4. What limitations are there in this configuration? Is it
still possible to provision new VDOMs on a 5.6 ...

It's time to start my first significant round of Fortigate upgrades and
am looking for tips and tricks from those that have done many. I'm using
the following as a starting point;
https://kb.fortinet.com/k...=FD35329&sliceId=1 Assumption - Firmware

Fortigate 5.4.5 needs to PAT (or not) based on source IP
address. host-126.96.36.199 needs to connect to 10.0.49.1 port 22 and be pushed
through as is to 10.0.49.1 port 22. host-188.8.131.52 needs to connect to
10.0.49.1 port 22 but be PATed so that the connectio...

What did you set the MTU to? IIRC for AES128+SHA1 it needs to be 1387,
so you would need something smaller than that to prevent fragmentation.
I did a few minutes googling but didn't find a definitive answer. As a
guess, maybe 256-160 = 96 bits (SHA1 ...

From Wikipedia; "The Security Parameter Index (SPI) is an identification
tag added to the header while using IPsec for tunneling the IP traffic.
This tag helps the kernel discern between two traffic streams where
different encryption rules and algorit...

James_G wrote: How many steps is it to max 5.4.x first, then jump to
latest 5.6.x
The versions I listed are from the upgrade path tool, so it
says go from 5.4.5 to 5.6.2 then step through the 5.6.x versions.