Hi, I'm getting a lot of "Invalid Packet" messages for my DNS traffic.
I'm running a Bind DNS, and I can't figure out why the Fortigate is
considering the packets invalid. From what I can see, the packets are
normal. Not all packets are showing a...
Hi, is there a way to apply policies on a per-device, per-user basis?
Something like: - Users of group VIP can access everything from iPad,
but only HTTP from Android. - All other users are bound to per device
rules (ex.: Android and iPad can only a...
Hi, I have two internal networks, say Net1 and Net2. I want to do the
following: - Only User1 can access SSH on Net2 - Everything except SSH
should be controlled by regular non-identity policies Unfortunately I
cannot add the destination server or IP ...
Hi there, I have two servers on a DMZ (private IPs), that are each
reachable by a different VIP through the outside interface. My
DMZ-Outside policy is set to NAT with the destination interface, but the
Fortigate is smart enough to rewrite the source...
Hi, I have internal IMAPS and SMTPS servers, and would like to apply IPS
and AV policies to them. SSL inspection, as far as I can see, will
rewrite the certificates with the internal CA. I don't want that. I do
want to add my IMAPS and SMTPS certifi...
Since 5.0.3, RSSO pre-creates the authentication session so users do not
need to authenticate through a dummy page. iPad and Android no longer
show the "authentication required" message. The users show up under
"User & Device > Monitor Firewall" a...
Hi, But in that case, as far as I can see, Policy 1 will be an Identity
Policy and will not fallback to the others. Because ID policies do not
allow ports, only IPs. Only sub policies allow ports. How to workaround?
Thanks.
I did some captures, and found out that the Fortigate will flag
NXDOMAIN, SERVFAIL, etc as Invalid Packets. A resolver will get plenty
of this, especially for reverse DNS queries. And as far as I can see, I
can't whitelist the resolver. So it is alw...