Hi Firewall Gurus, I'm looking for best practice for the phase 2
selector subnets in a general case. I understand in some cases it
is required to use 0.0.0.0/0. I'm talking about a decently
segmented internal network that connects to outside. I...
Hi FortiAnalyzer gurus, I'm new to FortiAnalyzer. Can someone guide me
on how to display or run a report of all the VPN users currently logged
in at the moment? Thank you!!
Hi there, I'm trying to learn the policy setup of the FortiGate product. Can
anyone tell me why I need some specific policy for allowing traffic? I
saw some allow policies in my current environment have specific source
and destination IP addresses (assum...
Hi there, I'm new to FortiGate. I am trying to figure out why a virtual
server is stuck at the firewall without a deny policy set up. It used to work.
When I did a traceroute on the server, it stopped at the firewall. I don't
see any policy to deny the server....
Hi there, I'm still in the learning process with FortiGate. I'm trying to
set up a backup VPN tunnel. Now, I have a primary VPN tunnel from site A
firewall to site B firewall. I will need a secondary VPN tunnel from
site C firewall to site B firewall to...
Thank you for the info. The more selectors we have, the more negotiation
we need, e.g. multiple SAs. Is that true? Phase 2 selectors need to be
negotiated one by one. If we have one broader range, and like you said
use policy to restrict each access, ...
Hi Chris, For my situation, I still haven't found the solution on
FortiAnalyzer. But I did find a solution on the FortiGate itself. I found it
under Monitor -> SSL VPN users. Then you can see the current users logged in
via VPN and the last login time. Hopefull...
emnoc wrote: I highly doubt a specific policy was the issue. What was your
any/any policy? Did you have any UTM features enabled? Ken Felix
Hi Ken, Thank you for helping me out on this post as well. Comparing the two
policies, the only difference is any...
neonbit wrote: You can certainly create an all > all policy to match
everything, but in the security world this is not best practice. Ideally
you should only create policies/enable access for as specific IPs and
services as possible.
Thank you for the answ...