Just my findings about this. Someone else might be drowning in the same
marsh.. I had serious problems with a client's 600D not honoring the
configured LDAP groups for VPN authentication. It turned out that the
Fortigate authenticated all users again...
Hello, I try to add address objects to an addrgrp, but it fails with
"Value conflicts with system settings".Doesn't matter if the objects are
bound to a zone or not. It just fails. Same in cli. Brand new 500E...
Works in brand new 60E with 6.0.3, don...
Hello,An odd error - A lot of services suddenly went offline yesterday
evening at a client's datacenter. Almost nothing regarding NAT worked.
Most of the VIPs was dead - The logs are empty! No traffic! (Lots of
users, webpages etc. Incoming traffic 2...
Hello,I have tried to create a new vdom (2 other vdoms running) both in
cli and in gui. It shows up, but it says "undefined" under references.
Vdom doesn't show up in list of vdoms to the left. I can edit it in cli,
but when entering the vdom-page i ...
SSLVPN will always be easier, both to set up and to manage. It sucks
that they haven't fixed the dual stack issue, since the competition
(Palo Alto, Cisco and others) can run dual stack SSLVPN without any
problems. But for the time being, the only so...
I don't understand why IPSec would be cumbersome - It is more to setup
in the firewall obviously, but the same for the users, unless you go
with fully manual setup on the client side. That doesn't scale even for
SSLVPN, and would be impossible with I...
SSLVPN is to my knowledge still EITHER IPV4 or IPv6. I have never heard
of anyone succeding in having dual stack in SSLVPN, and support know
this is kinda embarrassing and doesn't really answer your
questions...However, it is perfectly possible to us...
Nope, but I think I just found the reason. It seems that radius
authentication was triggered by several separate events. We had an old
radius policy that sent back a vendor specific option that applied a
non-existing user-group (something was obvious...
