It looks like another bad day for FortiGuard servers. We're getting a
lot of complaints across the board from various customers about
mainstream web sites not loading with a blocked category message
(including fortiguard.com and forum.fortinet.com!)....
We're noticing this problem across multiple clients this morning. Any
users using Internet access policies with a DNS Filter profile enabled
are blocked from accessing the Internet. The DNS Query logs show
constant failures with: Error: no availab...
You didn't mention which FortiGate models you're using, but I'm going to
guess your Security Fabric Root HA cluster are a couple of FortiGate
40F, 60E, 60F, 80E or 90E models and you missed this section of the
FortiOS 7.2.8 release notes: FortiGate mo...
I can't say for sure, but I suspect this is a capacity issue with the
FortiGuard rating servers getting overloaded occasionally and the HTTPS
protocol is more sensitive to delays compared to a fast, connectionless
protocol like UDP. Also, the default...
Here's my take: FortiLink Aggregate Mode (split interface, LACP =
static):
Pros:
- automatically loop-tolerant (MSTP)
- link-level redundancy at FortiGate
Cons:
- only one FortiLink Aggregate port is active at a time (in
  split-interface mode), and all traffic c...
So the cert warning is because you're not connecting via the same FQDN
(fully qualified domain name) as the certificate, and you can't connect
via that FQDN because it doesn't resolve to the FortiGate's internal IP?
That can be fixed a number of diff...
Unfortunately (and fortunately), the answer is no and this will never be
possible. The LetsEncrypt certificates that you can easily obtain are
always non-CA certificates. Deep packet inspection requires a CA
(certificate authority) certificate. You'l...