Hello, I have just received a new FG 100F and noticed that there are 2 x
10G fortilink ports.From the datasheet, it said they are used to connect
into Fortiswitch. Does the Fortilink protocol work only between Forti
devices? Can I use them to connect...
Hello, Recently I need to build a second lab, the same as the existing
lab.I am thinking if I can just run a backup/restore to copy the
configuration file to the new Fortigate as soon as they are the same
model.What I concern is about the license, se...
Hello, I'd like to configure OSPF BFD between Fortigate and Cisco ASA.My
settings are as follows, but it didn't work. I found Forti sent out
packets but didn't receive from ASA. ASA:interface g0/0ospf
hello-interval 1 ospf dead-interval 3 bfd interva...
Hello, I'm using FG 200E in our company. In order to find other model to
replace this, I found out FG 100F.Reading the datasheets, it seems that
they have similar throughput in terms of firewalling and packet
inspection, encryption/decryption, etc......
Hello, I am doing some labs using Fortigate 201E.By troubleshooting, I
found out that there were many logs in policy 0, deny any any (the
bottom line of policy).Details showed it is "Threat 131072, threat score
30". The concerned protocols were HTTPS...
Hello, Good idea. I used debug bfd on Cisco. It showed nothing.Finally I
found out the issue.On ASA OSPF interface, I need to add "bfd neighbor
x.x.x.x", but it didn't appear on the config output.The Fortigate config
is the same. Thank you for your h...
Hello Fullmoon, I've just tested in Lab.I cannot use HA port combining
with another port to create a redundant interface.But I can if I use two
data ports without HA; eg. port10, 11 or port2, 3.I think this is
limited by hardware.
Since there were logs in implicit deny, I guess the first rule (permit
all/any) doesn't contain all services.I'd like to know what are the
services/ports it contains. Does "ALL" mean only ports tcp/udp 1-65535
and ICMP? anything else? About the ICMP ...
Hello, I found out the issue. Because I used redundant interface as
source. Instead I should use vlan inside this interface.After my
correction on the concerned policy rules, traffic passes as I expected.
The ping didn't work I don't know why. but mo...