I have been troubleshooting a problem since August on my Windows Update
Server where certain files would have CRC Verification errors. Finally
today I routed my server physically around the Fortigate and everything
downloaded fine. I am not sure wher...
I have two connections I want to LLB. I want to use Volume to best
utilize both connections but my problem is they are asymmetric in speed.
One is 250/20 and the other is 50/50. I want to have more received
traffic one way and more sent traffic the o...
I upgraded from 5.2.9 -> 5.4.3 on my FortiAnalyzer and everything seemed
to go fine with DB rebuild. The FG is shown under devices and appears to
be detected SN, FW ver, IP, etc. However the link for logs to be
forwarded seems to be broken. I feel li...
I have a Fortigate 240D and I installed 2 of FG-TRAN-GC 1000BASE-T SFP
Transceiver into the dmz ports. I then connected one to a Dell Power
connect 3324 and the other to an HP 2520G. In both cases the FDX / HDX
negotiation seemed to fail. This preven...
I was pointed to
http://docs.fortinet.com/uploaded/files/2041/using-a-custom-certificate-for-SSL-inspection.pdf
by support when I asked about using cert for ssl inspection. Are these
instructions only meant for someone who has an internal CA that is
...
Hmm I did twice, but now that you mention it just went back and re-read.
Don't know how I missed that. Further don't know why it took support
multiple contacts to tell me that. Oh well.
I just figured it out with tech support. In 5.2 secure tunnels used
ipsec, in 5.4 they use SSL. On the FG you must switch the encryption
type from ipsec to ssl. Here are commands (with IP and Serial
removed):config log fortianalyzer setting (setting)...
Thanks for the confirmation of my fears. I am probably happy with cert
inspection for bad sites. The problem I have is if a user goes to a
https site and it is blocked by web filtering agent based on URL / IP
the client is presented the Fortinet cert...
Thanks for the reply. I ended up setting the objects to any rather than
WAN1 and that seems to have worked. It just wasn't logical to me since I
know inbound traffic to servers will only be on WAN1 due to IP address
in DNS.
