Re: FortiGate HA and LACP with two clusters

sw2090 · 10-29-2025

I just ran into this: I have an Adom in FMG. In this is a FGT100F I want to use for lab purposes. It was reseted to factory default before adding it to FMG. It added successfully and I can configure it in FMG. I was able to deploy device configuratio...

sw2090 · 10-20-2025

I ran into this issue on our FortiMail and wanted to let you know: We found a mail going out of the FML that should have been quarantined due to failing DMARC check. However the mail went through to the user even without any filtering. The log only s...

sw2090 · 09-16-2025

I have the following situation: I have a website that in our config is allowed per cathegory due to FortiGuard rating. Now we want to temporarily have webfilter block that site.So I added a web rating override to a local cathegory that is set to acti...

sw2090 · 07-15-2025

I just ran into this: I have a FQDN that used to be rated as "newly observed domain". I create a rating override to a custom cathegory and added that cathegory to the list of reputable sites in the DPI profile. The Site then worked (before that it go...

sw2090 · 07-01-2025

Hello, I would like to ask you for yur opinion on this: I have two ha clusters: Cluster #1 has two 400Fs and is active-passive Cluster #2 has two 200Fs and is active-passive between these two clusters is a link. This is an LACP Aggregate Interface wi...

sw2090 · 12-17-2025

Keep in mind that if you configure the FGT to be active-passive you will need LAGs because both nodes share the mac addresses! I myself here had to learn that the hard way...

sw2090 · 12-11-2025

I ran into this issue in 7.2 while configuring provisioning templates. I cannot use Metavariables in the DHCP Pools there too. However one can use the variables on cli. So I workarounded that using a cli provisioning template.So this is a gui issue b...

sw2090 · 12-11-2025

Debugging IPSec is allways rather annoying...but that's not Fortinet's fault :)However cases of traffic entering an IPSec SA but not leaving it on the other end os often caused by mismatching phase2 quick selectors. I ran into this several times so t...

sw2090 · 12-10-2025

hm we have some sites that still use hp switches behind a FortiGate here. On the HP the uplink to the FGT is untagged in vid 1 (because HP wants the port to untagged in one vlan and we don't use vid 1 anyways) and tagged im any other vlan we use.Then...

sw2090 · 12-08-2025

In Fact there is some nasty bug with FortiGate Ipsec and dyndns. I ran into that too and i don't think Fortinet ever fixed it (even though TAC aknowledged it): when you have dyndns remote gateway on an ipsec and you disabled the phase1 auto negotiati...

User Statistics

User Activity

Issue with proivisioning Template in FMG

Security Whoe in FML 7.4

strange issue with webfilter

Website blocked by webfilter even though exempted from DPI

FortiGate HA and LACP with two clusters

Re: FortiGate 901G HA Cluster with Cisco Switch Stack Using LACP – Best Practice Configuration

Re: DHCP Server Address Range not allowing variables on FortiManager

Re: IPSEC VPN Issues

Re: HP and fortigate - ports and vlans

Re: IPsec Dynamic DNS Addresses Not Updating

Re: FortiGate HA and LACP with two clusters

Re: sd-wan vpn

Re: ERR_SSL_PROTOCOL_ERROR on the newest Chrome 13...

Re: ERR_SSL_PROTOCOL_ERROR on the newest Chrome 13...

Re: Disadvantage of using a internal CA issued cer...

Re: Issue with proivisioning Template in FMG

Re: Automatic Updates for FortiManager Integrated ...

Re: Configure DNS server

Re: SFP+ FortiLinks ports

Re: Mapping dynamic object configuration

Super User

User Statistics

User Activity

You are leaving our website