Good day everyone, I'd be glad to hear your input on - what are
benefits/disadvantages of IPSec site-to-site 2 tunnels between 2
Fortigates, each having 2 ISP links inside/outside SD-WAN membership?
SD-WAN config including both ISP links for Internet...
Good day everyone, I am trying to get real-time throughput/bandwidth of
the traffic passing the Fortigate stats, but to no avail so far. I need
it 30-60 days back, so FortiView does not help here. I tried querying
perf-stats log column which is sent ...
Good day everyone, I am trying to understand how and what for to use
peertype dialup settings in Phase1 interface mode for IPSec VPN client
connections. The documentation just lists this option, Google tells
contradicting stories. I tried just for luc...
Good day everyone, I am trying to understand why - is it a bug/normal
behavior/or my misunderstanding, and your help is much
appreciated. Problem: FGVM learns via BGP some route, then using
route-map, sets its next hop to dummy address 192.0.2.1, which...
Hello everyone, I've noticed Fortinet docs less and less mention diagnose
debug commands in the documentation. Where do you find them when in
need, especially for the new FortiOS versions? There was once Wiki
https://wiki.diagnose.fortinet.com with al...
Usually, not a reason to worry, in most of the cases it is either port
exhaustion for PAT or short time-outs for session table. Anyway, this
will cause client to retransmit the failed packet, that is it. On a busy
FGT especially with multiple VDOMs i...
With 40+ switches I am pretty sure you have a central log storage for
all of them, I'd check what log level is needed to catch STP port/VLAN
state changes (Forwarding/Blocking) and look for them in the logs.
Problem that occurs every 30 seconds each ...
I haven't tested it, but this one should work: Create VIP with external
address set to 0.0.0.0 with filter for DNS service. Use it for LAN -> WAN
direction security rule. Here port2 is LAN, port1 is WAN, LAN_10.17. is
LAN address. Update us how it goes....
Depends on what role you are applying to - for a junior net admin your
answer seems correct to me. Failover-wise, there is not much difference
between A-P and A-A - when a member fails, its traffic is switched to
the other member(s) the same way for b...
You cannot use more than 1 pipe, but for looking at the configs you
really don't need to -
show sys int port1
show full system interface port1
show full system interface | grep -f port1