Fortigate-100A 2.80,build357,050127 I had a UDP session running that I
couldn't fathom the source of. Worse still, I couldn't quash it using
the policy statements - which I am guessing is a result of this type of
communication not being catered for...
When allowing the tunnels to be initiated either way I normally select
both directions for allowance in the VPN tunnel section of the policy
pointing towards the end-point (internal->Internet[WAN1]). However when
using a device that can keep the tunne...
When a policy selects NAT, the source or the destination, perhaps both,
are modified. The session table shows the original source and final
destination address. However it is difficult to determine which address
will be used without hopping around th...
When a tunnel is up and running - the job done by the FortiGate is a
good one. However from a service provider's point of view, assuring a
customer that service remains available is aided by VPNs remaining up
and being spotted by monitoring equipment ...
or CLI:
    config router gwdetect
        edit wan1
            # give a list of IPs that all have to be down in order to invalidate routes via this If.
            set server 8.8.8.8 208.67.222.222
        next
        edit wan2
            set server 8.8.4.4 208.67.220.220
        next
    end
    exit
(please note; that the ...
PBR also needs to be backed up with a routeing statement. So while WAN1
may be your default route, for PBR there should be a less worthy static
(floating static) to 0.0.0.0/0 (with a higher distance metric) via the
blurred out gateway IP and interfac...
It may be that the requirements are to not block certain ports from the
phone to the PBX (offsite/hosted PBX presumably). In a few proprietary
phone services I've witnessed the phones are SIP but there is an
initial 'lock and key' protocol that open...
From my working through a number of approaches with generic and per-IP
shapers (across single and multiple policies) That technique has lopped
it off, yes. For what you want, you need guaranteed, peak and burst in
kbps. Potentially with an ability to...
My understanding is that if I NAT something inbound then it should use
the same external IP on the VIP to go outbound? This is an incorrect
preconception. What interface and what IP your server has for flows
(sessions) it initiates itself is controll...