Fortinet Community

bpozdena_FTNT · 07-28-2023

Description This article explains the RADIUS server reachability status cache which was introduced in FortiOS 7.4.0. Scope FortiOS 7.4. Solution When configuring a secondary or tertiary RADIUS server, all FortiOS versions before version 7.4 would alw...

bpozdena_FTNT · 09-29-2021

Description This article describes that the FSSO collector agent by default tries to detect workstation IP address changes by resolving the workstation host names via DNS. The interval in which the IP address verification occurs is configured by the ...

bpozdena_FTNT · 05-27-2021

DescriptionWhen configuring FSSO, administrators have the ability to specify which user groups will be monitored by FSSO. The Group Filter can be defined either locally on FortiGate or directly on FSSO Collector Agent. While in general the group filt...

bpozdena_FTNT · 04-12-2021

DescriptionSince the release of FortiOS 6.2, the FortiOS proxy daemon (WAD) will strip domain names from usernames when domain is specified with backslash (DOMAIN\username). This behavior allows matching of locally defined users before contacting rem...

bpozdena_FTNT · 05-15-2020

Description This article describes how to configure SSL VPN OS check for Windows 10 clients with specific Windows build number. Scope FortiGate v6.2 and above. Solution # config vpn ssl web portal edit set os-check enable set skip-check-for-unsuppor...

bpozdena_FTNT · 04-17-2023

If you don't necessarily have to use FQDN, use regular IP address objects in your firewall policies instead. If the server resolves into too many IP addresses, then you will need to ensure the clients and Fortigate use the same system DNS servers. Bu...

bpozdena_FTNT · 01-23-2023

Hi @albertocobo , I do not see any reason/benefit to keeping interfaces shutdown permanently. You can however enable a temporary interface shutdown after a Fortigate failover occurs in order to force-clear MAC address tables on adjacent switches . co...

bpozdena_FTNT · 01-12-2023

I have two websites hosted internally on 192.168.1.10 through IIS as follows https://website1.com = 192.168.1.10 https://website2.com = 192.168.1.10 Since both websites are hosted on the same real server, there is no need for load balancer on your Fo...

bpozdena_FTNT · 01-06-2023

They both have 3 radios (2.4Ghz, 5Ghz, scanning). Major difference is that 831F supports 8x8 MU-MIMO and is therefore equipped with 5Gb Ethernet port. If you think you the theoretical 2.5Gbps per AP is not sufficient for your use case, then 831-F is ...

bpozdena_FTNT · 01-06-2023

If you are managing many Mobile FortiTokens, you might want to consider switching to FortiAuthenticator where token self-provisioning is supported. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.6/administration-guide/200803/tok...

Fortinet Community

User Statistics

User Activity

Technical Tip: RADIUS server reachability status cache

Technical Tip: Optimization of FSSO workstation IP address verification

Technical Tip: FSSO Group Filter configured on Collector Agent

Technical Tip: Domain name stripping behavior for proxy authentication

Technical Tip: How to configure FortiClient SSL VPN check for Windows version and build

Re: FQDN behaviour but without wildcard

Re: HA standby unit ports down

Re: Load balance multiple website

Re: FortiAP advice

Re: FortiToken and private life

Re: External Connector FSSO Agent on Windows AD

Re: Fortigate Firewall Policy | GUI Table

Re: Upload a logo image via CLI

Re: Automation -> CLI Script: Use date as Part of ...

Re: FAC Captive Portal with http

Re: Assign multiple FortiToken at once to multiple...

Re: Access web server in DMZ via port 80

Re: Using LDAP auth with IPSec VPN, Windows Native...

Re: Licences for email 2FA

Re: DHCP exclusions more than three subnets

KCS