Description This article describes the reasons behind multicast packets
being unable to traverse the FortiGate unit, despite the presence of a
static route configured to utilize a VRRP, HSRP, or GLBP address for
reaching a PIM sparse-mode RP. Scope F...
Purpose The purpose of this article is to depict why the FortiGate
answers to traceroute on the VIP addresses, while such traffic is not
allowed by the firewall policies. Scope Firewall VIP, and traceroute
DiagramExpectations, Requirements Some secur...
PurposeThe purpose of this article is to expose a solution to use Policy
Based Routing (PbR) on traffic managed by the web-proxy of the
FortiGate.When you enable explicit proxy of the FortiGate, the concerned
traffic is "proxied" on the FortiGate. Th...
Purpose The purpose of this article is to explain how to backup the
FortiGate Configuration with Kiwi CatTools, starting with FortiOS 4.0
MR3 Patch11 (4.2.11) and FortiOS 4.0 MR3 Patch4 (4.3.4). Scope Starting
from FortiOS 4.0 MR2 Patch11 (4.2.11) an...
Purpose Configure the FortiGate to synchronize its clock to a different
time server, and secure the NTP update using MD5 authentication.NTP
protocol:NTP stands for Network Time Protocol. It is used to synchronize
the time of a computer to reference N...
Hello,it could be interesting to know the reason of the "closure". You
can get the information from "get router info bgp neighbors xx.xx.xx.xx"
where xx.xx.xx.xx is the IP address of the peer. You can also get the
status of the connection using 'get ...
Hello,Create IGMP "service":config firewall service custom edit "IGMP"
set protocol IP set comment "IGMP" set protocol-number 2 nextendand then
the local policyconfig firewall local-in-policy edit 0 set intf "dmz"
set srcaddr "all" set dstaddr "all" ...
Hello,the KB shows external to internal IPs, but you can apply this KB
to internal (or local) subnets. basically, it's doing static NAT between
your 2 networks. But, from what you request at the beginning of the
post, you need to access server B (192...
Hello,you can check the routing table using 'get router info
routing-table all' and then confirm your assumptions.If you are not
sure, copy/paste the output of the commands in the thread.Best regards
Hello,By default, IGMP has a TTL of 1, which means it will not be routed
by the Fortigate. Moreover, IGMP is not enabled by default on the
Fortigate, you have to enable it on each interface which should
participate to multicast. For me, there is noth...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.