Re: FortiGate HA and LACP with two clusters

sw2090 · 07-15-2025

I just ran into this: I have a FQDN that used to be rated as "newly observed domain". I create a rating override to a custom cathegory and added that cathegory to the list of reputable sites in the DPI profile. The Site then worked (before that it go...

sw2090 · 07-01-2025

Hello, I would like to ask you for yur opinion on this: I have two ha clusters: Cluster #1 has two 400Fs and is active-passive Cluster #2 has two 200Fs and is active-passive between these two clusters is a link. This is an LACP Aggregate Interface wi...

sw2090 · 02-04-2025

Heyho, just ran into this: On my FortiManager in an adom I added an IPSec VPN provisioning template in device manager. This has a phase1 and also a phase2. I had no problems with phase1. But I do have a big problem with phase2:I need to enter the sel...

sw2090 · 01-28-2025

Just ran into this issue and wanted to let you know: If on a policy the security profiles is disabled (which is the Fortnet default if all filters are empty) you are still forced to enter a ssl inspection profile. However if the profiles are disabled...

sw2090 · 10-25-2024

Following constellation: FortiGate with FOS 7.2.10FortiClient 7.2.5 on windows. IPsec tunnel witb psk and xauth against ldap usergroup on Authenticator and mode config. Behavior:- Tunnel connects- does psk auth and proposals- does mode config - gets ...

sw2090 · 09-12-2025

if you have the same models and same firmware you could do this. Hardware is the same, so interfaces etc are the same and so is firmware. Should not cause any issues so far.HA afterwards afaik should be possible as it syncs itself then anyways. Licen...

sw2090 · 09-02-2025

well console will work even if there is no firmware (I had that several times after formatting boot device via the boot menue). If it doesn't then either your FGT is dead or something is wrong with your cable and/or serial settings.FGT per default do...

sw2090 · 09-02-2025

indeed. It only gets quite obfuscating with so many phase2s :)I also tend to use an open (i.e. 0.0.0.0/0) p2 selector and then do the rest with routing and policies.

sw2090 · 09-02-2025

Don't Cisco have an incompatible Pinout? I used HP,DELL as well as FOrtinet Cables and I never had any garbage output with any FortiGate (and we have models from 40F up to 400F). The only Fortinet device that hit me with garbage was some FortiExtende...

sw2090 · 08-29-2025

Alas you can have Zone with different logical/physcial interfaces and use that in policies on a FGT too but still you have the above problems.

User Statistics

User Activity

Website blocked by webfilter even though exempted from DPI

FortiGate HA and LACP with two clusters

FortiManager IPSec provisioning templates - phase2 partly broken?

SSL Inspection is being ignored

strange behavior on ipsec vpn

Re: Copying Configuration Between Two FortiGate Devices

Re: New device stuck after firmware upgrade to 7.6

Re: IPsec Phase 2

Re: Garbage output during boot menu via usb serial console on linux host

Re: Is it possible to put a Fortigate in the middle of a network with arbitrary parts on either side

Re: FortiGate HA and LACP with two clusters

Re: sd-wan vpn

Re: ERR_SSL_PROTOCOL_ERROR on the newest Chrome 13...

Re: ERR_SSL_PROTOCOL_ERROR on the newest Chrome 13...

Re: Disadvantage of using a internal CA issued cer...

Re: Automatic Updates for FortiManager Integrated ...

Re: Configure DNS server

Re: SFP+ FortiLinks ports

Re: Mapping dynamic object configuration

Re: Buy Amazon Firewall

Super User

User Statistics

User Activity

You are leaving our website