I'm setting up a FGT for our company to take on a "work retreat" where
we'll plug the firewall into the hosts network and all our clients will
sit behind the firewall. The firewall will get its WAN IP from DHCP and
I'm configuring a tunnel from this ...
I'm setting up a pair of 60E's in HA but I'm unable to get the cluster
to form, and both units think they are master. The units were factory
reset and both upgraded to 5.6.6. I issued the following on the
"primary":config system dhcp serverdelete 1en...
I've also posted this in the VPN section as I'm not sure if the problem
is with the SSLVPN config or LDAP... I've got three 80C's in three
offices around the world. All are configured identically as far as SSL
VPN goes and all were working in the pas...
I don't know if this is an LDAP issue or an SSL VPN configuration issue
but I'll start by posting it here. This thing has been giving me a
headache for a couple of days so it's time to seek help. I've got three
80C's in three offices around the world...
I followed the recommended upgrade path to get from 5.2.4 to 5.6.4
(5.2.6 => 5.2.9 => 5.4.4 => 5.6.2 => 5.6.4). I took backups of the
config at each step in case something went wrong. I had configuration
that allowed one particular user to connect vi...
Could be many different reasons depending on where 10.148.36.140 is in
relation to your firewall. First thing to consider is by default, the
source address of the ping packet from the fortigate will be the address
of the interface the ping packet is ...
If you want a full text config that includes all the default settings,
from the CLI, enter... # show full-configuration This will dump out
something quite large. Make sure you have plenty of scroll-back buffer
in your console, or use something like p...
To get a full config file, just download from your GUI...Go to the main
Dashboard screen and on the top right, click on "admin" (or whatever the
username is that you logged in with). Click Configuration => Backup.
Select Local PC and click OK.This wi...
Here's my shell script. I've sanitized it a little to remove email
addresses. Your oid is likely to be different so you'll have to work
that out. I've used a variable in my oid so I can easily change it to
run this against a different tunnel interfac...
I do something similar using a bash script and an expect script. The
bash script performs an SNMP query to check the state of the tunnel
interface. If not up, it calls the expect script which logs into the
Fortigate and executes a series of cli comma...
