Good day everyone, I'd be glad to hear your input on - what are
benefits/disadvantages of IPSec site-to-site 2 tunnels between 2
Fortigates, each having 2 ISP links inside/outside SD-WAN membership?
SD-WAN config including both ISP links for Internet...
Good day everyone, I am trying to get real-time throughput/bandwidth of
the traffic passing the Fortigate stats, but to no avail so far. I need
it 30-60 days back, so FortiView does not help here. I tried querying
perf-stats log column which is sent ...
If you haven't used the open source iperf tool before, there is a lot of
info on it (see https://iperf.fr), and I will only say it allows us to
generate UDP/TCP traffic between 2 hosts of any bandwidth we desire.
Load testing is a sure way to pinpoin...
Good day everyone,I am trying to understand how and what for to use
peertype dialup settings in Phase1 interface mode for IPSec VPN client
connections. The documentation just lists this option, Google tells
contradicting stories. I tried just for luc...
Good day everyone,I am trying to understand why - is it a bug/normal
behavior/or my misunderstanding, and your help is much
appreciated.Problem: FGVM learns via BGP some route, then using
route-map, sets its next hop to dummy address 192.0.2.1, which...
Hello Danny, thanks for the useful script - tried it on few Forti
already, works as expected, works on 6.4.x, 6.2.x, and 7.2.x. It does
not work on 5.6.x I am sure because API paths are different in older
versions, which is ok - not many left at 5.6....
Hi Wojtek,I've never heard about Local-in policies being less intensive
to the Fortigate in processing, so cannot confirm nor deny it. Regarding
usage pattern, yes, I still think it would add complexity and unneeded
processing to those rules. BAsical...
I am trying to see how it would be useful and ... can't. Local-in Policy
- the idea for this management access policy is to white-list IPs, i.e.
allow few and block anything else. Using dynamic external lists makes
sense only to block with them, so t...
(I am not a Fortinet employee)Sounds strange to me - you can even buy
used Fortigates from the eBay, and as long as the original owner answers
Fortinet email asking for account transfer, there have been no issues
with that, be the same country or ano...
Hi, yes, you can, using static URLs filter list in the Web Filtering.
E.g. here I allow example.com and then block anything else: Fortigate
static URL filter Then use this Static-filter profile in security rules
for outgoing web traffic.