About hoyty

hoyty · 10-05-2018

I have been troubleshooting a problem since August on my Windows Update Server where certain files would have CRC Verification errors. Finally today I routed my server physically around the Fortigate and everything downloaded fine. I am not sure wher...

hoyty · 03-06-2018

I have two connections I want to LLB. I want to use Volume to best utilize both connections but my problem is they are asymmetric in speed. One is 250/20 and the other is 50/50. I want to have more received traffic one way and more sent traffic the o...

hoyty · 07-11-2017

I upgraded from 5.2.9 -> 5.4.3 on my FortiAnalyzer and everything seemed to go fine with DB rebuild. The FG is shown under devices and appears to be detected SN, FW ver, IP, etc. However the link for logs to be forwarded seems to be broken. I feel li...

hoyty · 11-08-2016

I have a Fortigate 240D and I installed 2 of FG-TRAN-GC 1000BASE-T SFP Transceiver into the dmz ports. I then connected one to a Dell Power connect 3324 and the other to an HP 2520G. In both cases the FDX / HDX negotiation seemed to fail. This preven...

hoyty · 11-07-2016

I was pointed to http://docs.fortinet.com/uploaded/files/2041/using-a-custom-certificate-for-SSL-inspection.pdf by support when I asked about using cert for ssl inspection. Are these instructions only meant for someone who has an internal CA that is ...

hoyty · 07-11-2017

Hmm I did twice, but now that you mention it just went back and re-read. Don't know how I missed that. Further don't know why it took support multiple contacts to tell me that. Oh well.

hoyty · 07-11-2017

I just figured it out with tech support. In 5.2 secure tunnels used ipsec, in 5.4 they use SSL. On the FG you must switch the encryption type from ipsec to ssl. Here are commands (with IP and Serial removed):config log fortianalyzer setting (setting)...

hoyty · 11-07-2016

Thanks for the confirmation of my fears. I am probably happy with cert inspection for bad sites. The problem I have is if a user goes to a https site and it is blocked by web filtering agent based on URL / IP the client is presented the Fortinet cert...

hoyty · 11-07-2016

Thanks for the reply. I ended up setting the objects to any rather than WAN1 and that seems to have worked. It just wasn't logical to me since I know inbound traffic to servers will only be on WAN1 due to IP address in DNS.

hoyty · 02-26-2016

FortiClient 5.4.0.0780 running on Windows 10 Version 1511 Build 10586.104 (latest public cumulative update)

User Statistics

User Activity

Windows Update Server CRC Verification errors if downloaded through Fortigate

WAN LLB for asymmetric speed links?

Upgrade 5.2.9 -> 5.4.3 now Fortigate can't send logs?

Fortigate 240D SFP to 1000T auto negotiate issues?

Creating a certificate with keyusage=certsign or Subordinate Certification Authority?

Re: Upgrade 5.2.9 -> 5.4.3 now Fortigate can't send logs?

Re: Upgrade 5.2.9 -> 5.4.3 now Fortigate can't send logs?

Re: Creating a certificate with keyusage=certsign or Subordinate Certification Authority?

Re: WAN Link Load Balancing vs. policy Source Address question?

Re: Forticlient missing Site Categories?