Fortinet Community

Yurisk · 03-08-2021

Good day everyone, I'd be glad to hear your input on - what are benefits/disadvantages of IPSec site-to-site 2 tunnels between 2 Fortigates, each having 2 ISP links inside/outside SD-WAN membership? SD-WAN config including both ISP links for Internet...

Yurisk · 03-03-2021

Good day everyone, I am trying to get real-time throughput/bandwidth of the traffic passing the Fortigate stats, but to no avail so far. I need it 30-60 days back, so FortiView does not help here. I tried querying perf-stats log column which is sent ...

Yurisk · 10-14-2020

Good day everyone,I am trying to understand how and what for to use peertype dialup settings in Phase1 interface mode for IPSec VPN client connections. The documentation just lists this option, Google tells contradicting stories. I tried just for luc...

Yurisk · 08-06-2020

Good day everyone,I am trying to understand why - is it a bug/normal behavior/or my misunderstanding, and your help is much appreciated.Problem: FGVM learns via BGP some route, then using route-map, sets its next hop to dummy address 192.0.2.1, which...

Yurisk · 06-03-2020

Hello everyone,I've noticed Fortinet docs less and less mention diagnose debug commands in the documentation. Where do you find them when in need, especially for the new FortiOS versions? There was once Wiki https://wiki.diagnose.fortinet.com with al...

Yurisk · 08-11-2022

If you don't intend to separate accessible from the Internet hosts into a different network, then doing the regular VIPs (Virtual IPs) will do the job, and is the most simple to implement.

Yurisk · 08-11-2022

@R_F Glad to be of help.@Toshi_Esumi Thanks, Toshi.

Yurisk · 08-09-2022

Your requirements are pretty high in number of users, SSL Deep Inspection for blocking specific traffic inside HTTPS tunnels, QOS, VPN SSLs. So you are talking about bigger models with heavy price tag (200F and higher). I wouldn't advise you to decid...

Yurisk · 08-09-2022

If you mean that Fortiweb sends logs already with the wrong timestamps, then not much you can do (provided it is connected to NTP, and synchronized), except open a ticket with TAC. As there is not much of a debug process for time stamping logs.

Yurisk · 08-08-2022

Not an elegant or recommended by someone solution, but when the risk is high, I do changes on the local Fortigate, then, having made sure all works fine, sync/import the changes to the Fortimanager.

Fortinet Community

User Statistics

User Activity

IPSec VPN tunnels inside versus outside SD-WAN - benefits?

What bandwidth does "perf-stats" actually measure ?

VPN IPsec dialup peertype - how to use

BGP does not install route in RIB if the next hop is a blackhole, RTBH configuration

The case of disappearing diagnose debug commands in the documentation and references

Re: Additional public IP addresses

Re: FortiGate hardware specification lists

Re: Choosing a Firewall

Re: Fortiweb syslog 2 Hour different

Re: Create out of band management - FortiManager

Re: Delete Local-in Policy

Re: how to block malicous ip || 5000 IPs ||

Re: FortiOS and Fortigate Image

Re: Detailed log of configuration changes

Re: Web filtering vs DNS filtering

Re: Delete Local-in Policy

Re: Read inside DNS requests

Re: Statefull Firewall

Re: session clash in Fortigate

Re: command

News & Articles

Security Research

Company

Contact Us