I am looking to implement what I am calling a bit of a "NAC-Lite"
solution for some branch offices. I can use FortiTelemetry and interface
enforcement to restrict devices onto the network, but my other thought
also involves allowing only certain devi...
I've seen the same thing too. I can assume your are running the
FortiAnalyzer (FAZ) ? In my case, I only saw this happen during the
following conditions:1. Using multiple VDOMs2. The admin profile for the
FAZ user (I keep them separate) has read-only...
You are correct you would need 4 tunnels in each BO. You can either use
dynamic routing and keep all tunnels up - or use a combination of other
Fortigate features. 1. You can set a tunnel to be a backup and come up
only when another one fails. Do thi...
I don't know if you are using any kind of dynamic routing protocol - but
it looks like probably not. Easiest way is to create another VLAN
dedicated for swtich/fortigate traffic with a small subnet (/28 or /29)
and put only the switch and the Fortiga...
I think the best way to accomplish this would be use the API. You can
load scripts and run those as well, but I think changing address objects
via the API is the best way to go. You need a developer account to get
access to API docs, but there are so...
Yes. If you log in to the support portal you can download the
FortiClientSetupTool (or some similar name) - this allows you to bundle
the XML configurations in the installer. Your other option is the
Forticlient EMS which is much more robust, but als...
