Fortinet Community

Yurisk · 03-08-2021

Good day everyone, I'd be glad to hear your input on - what are benefits/disadvantages of IPSec site-to-site 2 tunnels between 2 Fortigates, each having 2 ISP links inside/outside SD-WAN membership? SD-WAN config including both ISP links for Internet...

Yurisk · 03-03-2021

Good day everyone, I am trying to get real-time throughput/bandwidth of the traffic passing the Fortigate stats, but to no avail so far. I need it 30-60 days back, so FortiView does not help here. I tried querying perf-stats log column which is sent ...

Yurisk · 10-14-2020

Good day everyone,I am trying to understand how and what for to use peertype dialup settings in Phase1 interface mode for IPSec VPN client connections. The documentation just lists this option, Google tells contradicting stories. I tried just for luc...

Yurisk · 08-06-2020

Good day everyone,I am trying to understand why - is it a bug/normal behavior/or my misunderstanding, and your help is much appreciated.Problem: FGVM learns via BGP some route, then using route-map, sets its next hop to dummy address 192.0.2.1, which...

Yurisk · 06-03-2020

Hello everyone,I've noticed Fortinet docs less and less mention diagnose debug commands in the documentation. Where do you find them when in need, especially for the new FortiOS versions? There was once Wiki https://wiki.diagnose.fortinet.com with al...

Yurisk · 06-12-2022

Usually, not a reason to worry, in most of the cases it is either port exhaustion for PAT or short time-outs for session table. Anyway, this will cause client to retransmit the failed packet, that is it. On a busy FGT especially with multiple VDOMs i...

Yurisk · 06-12-2022

With 40+ switches I am pretty sure you have a central log storage for all of them, I'd check what log level is needed to catch STP port/VLAN state changes (Forwarding/Blocking) and look for them in the logs. Problem that occurs every 30 seconds each ...

Yurisk · 05-26-2022

I haven't tested it, but this one should work: Create VIP with external address set to 0.0.0.0 with filter for DNS serviceUse it for LAN -> WAN direction security rule.Here port2 is LAN, port1 is WAN, LAN_10.17. is LAN address. Update us how it goes....

Yurisk · 05-25-2022

Depends on what role you are applying to - for a junior net admin your answer seems correct to me. Failover-wise, there is no much difference between A-P and A-A - when a member fails, its traffic is switched to the other member(s) the same way for b...

Yurisk · 05-25-2022

You cannot use more than 1 pipe, but for looking at the configs you really don't need to - show sys int port1show full system interface port1show full system interface | grep -f port1

Fortinet Community

User Statistics

User Activity

IPSec VPN tunnels inside versus outside SD-WAN - benefits?

What bandwidth does "perf-stats" actually measure ?

VPN IPsec dialup peertype - how to use

BGP does not install route in RIB if the next hop is a blackhole, RTBH configuration

The case of disappearing diagnose debug commands in the documentation and references

Re: session clash in Fortigate

Re: 30 seconds of packet loss when switch is re-connected

Re: redirect dns traffic from inside subnet to external dns

Re: What is the difference between HA A-A and A-P in fortigate

Re: command

Re: FortiOS and Fortigate Image

Re: Detailed log of configuration changes

Re: Web filtering vs DNS filtering

Re: FortiGate 90E - lost access

Re: session clash in Fortigate

Re: session clash in Fortigate

Re: command

Re: FortiOS and Fortigate Image

Re: Questions about VPN licences

Re: Restricting admin session to a single session

News & Articles

Security Research

Company

Contact Us