Following constellation: FortiGate with FOS 7.2.10, FortiClient 7.2.5 on
Windows. IPsec tunnel with psk and xauth against ldap usergroup on
Authenticator and mode config. Behavior:
- Tunnel connects
- does psk auth and proposals
- does mode config
- gets ...

This recently has happened to us with our own Website and all our FGT.
When one tries to access our website all one gets in Chrome is a QUIC
Protocol error. Looking at Chrome's netlog on a client affected I saw
that it tried to use Cloudflare's ECH P...

We are planning to upgrade a bunch of FGT100F to 7.2.10 very soon. The
official upgrade path states that this can be done in one single step.
Did anyone already do that and did you experience any problems
afterwards? Or was that just related to FOS <=...

I just ran into this: We have a Windows DHCP that has a scope for a
vlan. The vlan interface on the FGT100E is set to do dhcp relaying to
this Windows DHCP. The Windows DHCP also has dhcp option 138 set for all
scopes it has. If I now connect a client t...

I did the following:
- upgraded FMG to 7.0.11 while the FGT still were on 7.0.13 => everything
  still worked fine afterwards
- upgraded the FGT to 7.0.14 during the next night (scheduled) => since
  then FGT keep losing the connection to FMG when I deplo...

Yes, you need CA:TRUE (i.e. a CA or SubCA Certificate) for Deep packet
inspection. This is because of the way this functions. DPI works
man-in-the-middle, that means the FGT has to decrypt the traffic,
inspect it and then re-encrypt it to pass it on t...

Well, the log says it did pass the DMARC and SPF Check but it failed the
DKIM Check due to invalid DKIM signature. That can happen because DMARC
and SPF are (mail)serverside while the DKIM Signature is part of the
message itself.

We do that here by having some task in FAC that regularly fetches users
from AzureAD if they are in a specific AD group. You need to fetch
these in order to be able to apply MFA to the user in FAC :) FAC then
acts as radius server for our FGT and IPS...

For Example 1: if there is neither per-device nor per-platform mapping
the object is static and will have Address/Netmask set in FMG
(192.168.1.0/24). If there is per-platform mapping then every Device
matching the platform will get that mapping and...