I used the following VIP config to perform a PAT (without NAT) on
5.x;edit "vip-10.1.2.1-tcp2022" set src-filter "172.17.2.1"
"172.18.1.14" set extip 10.1.2.1 set extintf "any" set arp-reply disable
set portforward enable set mappedip "10.1.2.1" set ...
Hi All, As i start upgrading Fortigates, i'll be in an interim
configuration where some of the firewalls are on 5.6, but the ADOM is
still on 5.4. What limitations are there in this configuration? Is it
still possible to provision new VDOMs on a 5.6 ...
Its time to start my first significant round of Fortigate upgrades and
am looking for tips and tricks from those that have done many. I'm using
the following as a starting point;
https://kb.fortinet.com/k...=FD35329&sliceId=1 Assumption - Firmware
up...
I'm adding an SSID to a VDOM, and when i click OK i can see 5 messages
flash up on the screen but there's gone before i can read them. Is there
some other way i can read these messages?
Fortigate 5.4.5 needs to PAT (or not) based on source IP
address.host-1.1.1.1 needs to connect to 10.0.49.1 port 22 and be pushed
through as is to 10.0.49.1 port 22 host-2.2.2.2 needs to connect to
10.0.49.1 port 22 but be PATed so that the connectio...
I know its not what you're asking, but what's the reason for not having
the remote DHCP server supply the IPs so you can run a conventional
relay config?
What did you set the MTU to? IIRC for AES128+SHA1 it needs to be 1387,
so you would need something smaller than that to prevent fragmentation.
I did a few minutes googling but didnt find a definitive answer. As a
guess, maybe 256-160 = 96 bits (SHA1 ...
From Wikipedia;"The Security Parameter Index (SPI) is an identification
tag added to the header while using IPsec for tunneling the IP traffic.
This tag helps the kernel discern between two traffic streams where
different encryption rules and algorit...
James_G wrote: How many steps is it to max 5.4.x first, then jump to
latest 5.6.x The versions i listed are from the upgrade path tool, so it
says go from 5.4.5 to 5.6.2 then step through the 5.6.x versions.