Is it possible in the CLI to append an address to an existing group
without overwriting all the current addresses in the group? I have about
100 Fortigates for which I need to edit an address group, but just to
add a new address. The group has been m...
We have applied a DoS policy on a WAN interface with the intent that all
inbound public traffic will be checked for anomalies. However we're
seeing in the logs that traffic from the VPN tunnels (using that WAN
interface) is being inspected. We do no...
I have discovered that there are two methods of building IPSEC GRE
tunnels. The method most often referenced is to build a typical
interface-based VPN and set the phase 2 encapsulation mode to
"transport". Then configure a third component -- a GRE...
We're in the process of helping a client simplify their network and had
a thought during the design phase. SD-WAN will be used at the main site
for their internet circuits - that part's easy. They also have multiple
1Gbit fiber circuits with differen...
We would like to use Office 365 for SSO. This document describes how to
use Azure as an SSO Identity Provider:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45699 The
document instructs to go to "SAML SSO", however I do not see "SAML SSO"
u...
I have a 60E with about 90 interfaces running DHCP relay. Seems that
limit is not accurate. I just tried to move all DHCP to the Fortigate
and hit the 32 DHCP server limit per VDOM. Uggghh, I was excited to
eliminate another device, but I guess that'...
Found a workaround. Create a second DoS policy with the VPN peer IPs as
the source addresses and set the action to disable:
https://www.adnsolutions.com/fortigate-dos-policy-on-wan-blocking-vpn-traffic/
As a followup to this for those that want the full picture. We will have
multiple VDOMs on the main Fortigate with matching VDOMs on the branch
campus Fortigates (employees, residents, clients). This traffic should
remain separated, so we're using EM...
Under Security Fabric -> Settings, I only have options for FortiAnalyzer
(which we have our FortiAnalyzer server set up there) and Cloud Logging.
I do not have a Telemetry setting. Please note this is under a VDOM. If
I go to the Global VDOM, then I a...