Wildcard FQDN address objects do not instantly resolve the names like
non-wildcard objects. Instead, for wildcard objects, the Fortigate
watches DNS queries as they pass through the firewall and it sniffs the
IP addresses that are returned from DNS s...
Is it possible in the CLI to append an address to an existing group
without overwriting all the current addresses in the group? I have about
100 Fortigates for which I need to edit an address group, but just to
add a new address. The group has been m...
We have applied a DoS policy on a WAN interface with the intent that all
inbound public traffic will be checked for anomalies. However we're
seeing in the logs that traffic from the VPN tunnels (using that WAN
interface) is being inspected. We do no...
I have discovered that there are two methods of building IPSEC GRE
tunnels. The method most often referenced is to build a typical
interface-based VPN and set the phase 2 encapsulation mode to
"transport". Then configure a third component -- a GRE...
We're in the process of helping a client simplify their network and had
a thought during the design phase. SD-WAN will be used at the main site
for their internet circuits - that part's easy. They also have multiple
1Gbit fiber circuits with differen...
I have a 60E with about 90 interfaces running DHCP relay. Seems that
limit is not accurate. I just tried to move all DHCP to the Fortigate
and hit the 32 DHCP server limit per VDOM. Uggghh, I was excited to
eliminate another device, but I guess that'...
Found a workaround. Create a second DoS policy with the VPN peer IPs as
the source addresses and set the action to disable:
https://www.adnsolutions.com/fortigate-dos-policy-on-wan-blocking-vpn-traffic/
As a followup to this for those that want the full picture. We will have
multiple VDOMs on the main Fortigate with matching VDOMs on the branch
campus Fortigates (employees, residents, clients). This traffic should
remain separated, so we're using EM...
Under Security Fabric -> Settings, I only have options for FortiAnalyzer
(which we have our Fortianalyzer server setup there) and Cloud Logging.
I do not have a Telemetry setting. Please note this is under a VDOM. If
I go to the Global VDOM, then I a...