It looks like another bad day for FortiGuard servers. We're getting a
lot of complaints across the board from various customers about
mainstream web sites not loading with a blocked category message
(including fortiguard.com and forum.fortinet.com!)....
We're noticing this problem across multiple clients this morning. Any
users using Internet access policies with a DNS Filter profile enabled
are blocked from accessing the Internet. The DNS Query logs show
constant failures with:[ul]Error: no availab...
Here's my take: FortiLink Aggregate Mode (split interface, LACP =
static):Pros:automatically loop-tolerant (MSTP)link-level redundancy at
FortiGateCons:only one FortiLink Aggregate port is active at a time (in
split-interface mode), and all traffic c...
So the cert warning is because you're not connecting via the same FQDN
(fully qualified domain name) as the certificate, and you can't connect
via that FQDN because it doesn't resolve to the FortiGate's internal IP?
That can be fixed a number of diff...
Unfortunately (and fortunately), the answer is no and this will never be
possible. The LetsEncrypt certificates that you can easily obtain are
always non-CA certificates. Deep packet inspection requires a CA
(certificate authority) certificate. You'l...
Hey JJ, I posted the solution in the thread you referenced. It looks
like you're only using the Automation Stitch notifications which don't
send the details of what changed, unlike the old "Alert Email Settings"
option. Since the "Alert Email Setting...
I can only comment on the new native FortiOS 7.0 LetsEncrypt/ACME2
implementation. Based on the available documentation, automation only
seems to support HTTP/HTTPS verification, which makes sense given that
the FortiGate wouldn't have any native way...
