Fortinet Community

sw2090 · 12-01-2021

Hiho, there is an old bug in FortiOS and FortiManager that allows you to set too long Phase1 names. This can cause problems wenn the FGT runs out of space on creating new dialup instances due to enumeration. This means: when you create a dial up ipse...

sw2090 · 10-08-2021

just encountered this: IPSec Dial Up does allow concurrent tunnels. To make sure it can handle each one it enumerates the tunnels. Good so far.Though the Gui (and the FOrtimanager gui also) allow you to enter too long p1 names.If you p1 name is too l...

sw2090 · 09-01-2021

Hiho, I have an adom which used to bei v6.2 before. As long as it was 6.2 all worked fine even after upgrading the FortiManager to v6.4. Once I upgraded the adom (and the global adom as it provides objects that are used in that adom) to v.6.4 I canno...

sw2090 · 07-07-2021

I have this constellation: FGT100E with a FEX connected to it via capwap.FGT has authorized the FEX and added a device ofor it.All wans plus FEX are members of sd-wan. All wans except FEX are part of SD-WAN health check.I kept FEX out because it shou...

sw2090 · 05-11-2021

I have the following constellation which behaves quite strange FGT100D has 4 WANS. Port wan1,wan2,ha1,ha2. Those are members of sd-wan in following order: wan1 cost 0wan2 cost 0ha1 cost 10ha2 cost 10 the implicit sd-wan rule for loadbalancing is set ...

sw2090 · 12-01-2021

if it is a dial up you might have run into the same isse I ran into today again. I consider this a bug in FortiOS (and FMG). On dial up tunnel names FortiOS ufortunately does not subtract the space it needs for the enumeration of the dial up instance...

sw2090 · 12-01-2021

yes it does. So Tunnel is up completely. Did you try to flow trace the traffic to see if it matched policies and routing is correct? diag debug enablediag debug flow filter daddr=diag debug flow filter saddr=diag debug flow trace start that will sho...

sw2090 · 12-01-2021

yes exactly - you have to have an account with at least one device registered that has a valid support (i.e. FortiCare(tm) ) contract bound to it. Then the download area will be available and you can dl any firmware image.

sw2090 · 12-01-2021

Are you sure the tunnel is up competely? In Firmware prior to 6.4 the IPSec Monitor (and also the ike debug log) do not show Phase2. Since 6.4 it does show phase2 at least in IPSec Monitor.So maybe your Phase1 came up and the tunnel is marked as up i...

sw2090 · 11-17-2021

for Webinterface you need a simple SSL Certificate. Afair in windows ca there is a template named "Webserver certificate" or similar. We use this here too.for SSL Inspection you need a subordinate ca certificate there is also a template for that (I'd...

Fortinet Community

User Statistics

User Activity

IPSec Dialup Tunnel enumeration reset?

Weird behaviour of Dial Up IPSec

cannot deploy policy package after adom upgrade to 6.4

FortiExtender in SD-Wan Rule not working

Strange behaviour of SD-WAN Loadbalancer

Re: VPN not accepting new connections

Re: IP Sec Tunnel Interface is UP, but i can't do a ping to remote pc

Re: new Firmware version of 311B fortigate firewall

Re: IP Sec Tunnel Interface is UP, but i can't do a ping to remote pc

Re: Administration GUI

Re: Super excited about this new Community / Self-...

Re: VPN not accepting new connections

Re: Super excited about this new Community / Self-...

Re: Problem Cannot Access Web Interface of Fortine...

Re: Please Help: connect 2 site to site VPN tunels

Re: Site to Site VPN with one public IP

Re: cannot deploy policy package after adom upgrad...

Re: Out of IP's - adding another LAN but running i...

News & Articles

Security Research

Company

Contact Us