Just need a little validation check against something I am implementing
yet feel like I am losing something as well. What I mean by that is, I
have in my environment, an edge firewall (this is where my users get
their primary Internet from), a core f...
This is my first foray into the need for VXLAN and have some questions.
My current site has a L3 Aruba switch, which handles my internal VLANs,
an egress VLAN connecting to my FortiGate which connects to both a
private WAN circuit to my data center (...
Was just running through some clean up and auditing some processes and
wanted to get some thoughts of what others might be doing in regards of
having both ISDB
(https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-Potential-threats-over...
Was doing some log parsing and came across some traffic flows that had
me scratching my head. I have a policy with DPI enabled, but I do have
reputable websites with various categories and address objects exempt. I
also have a application control pro...
Ok, I will admit I am a little outside my knowledge base with this one.
In my investigation, I am learning that what I am looking for might be
this header passed from the browser called X-Forward-For. Based on what
I am seeing, this shows or can show...
In my situation, it is. My ISP is also my VoIP provider, so they retain
DSCP markings to their servers and back to me as long as my equipment
retains those markings along its internal path. That part of it has been
confirmed and proven.
Ok, I think I figured this out with some Ai assistance. ISFW to Core,
shaping more for internal processes (internal client to server, internal
server to server priority bandwidth, etc...). Not really meant to shape
Internet traffic like Office365 or ...
The "delay" I speak of is the adding of application inspection, even if
it's just monitoring to a firewall policy so that a traffic shaping
policy, based on Application will work. If I had before a fw policy that
had zero inspection then added inspec...
I never got this to show successful on Windows' server side of things;
however, when running diag queries on the FortiGate, those DNS entries
did in fact, show up on the firewall.
I'd have to test this out, but it might only show those bundle
identifiers delivered via MDM, so the ones manually enabled might not
show up as output via that command. I cannot 100% recall for sure as
I've slept since then.
