This happened here in this constellation: FMG v7.0.5FGT v7.0.9Adom
FortiOS v7 when you create a vip in policy manager you see it in the vip
section in the objects menue but it does not appear in the selection
when you edit or create a policy and they...
I ran into an issue here: I have a zone with several members.Now I need
multicast forwarding for airprint between two members of that
zone.intra-zone-traffic is blocked (per default) which is wanted that
way.So any traffic has to be explicitely allow...
Hiho, there is an old bug in FortiOS and FortiManager that allows you to
set too long Phase1 names. This can cause problems wenn the FGT runs out
of space on creating new dialup instances due to enumeration. This
means: when you create a dial up ipse...
just encountered this: IPSec Dial Up does allow concurrent tunnels. To
make sure it can handle each one it enumerates the tunnels. Good so
far.Though the Gui (and the FOrtimanager gui also) allow you to enter
too long p1 names.If you p1 name is too l...
Hiho, I have an adom which used to bei v6.2 before. As long as it was
6.2 all worked fine even after upgrading the FortiManager to v6.4. Once
I upgraded the adom (and the global adom as it provides objects that are
used in that adom) to v.6.4 I canno...
yes do not use overlapping subnets. That causes too much trouble and
obfuscating. Build the Site2Site as said. Create the policies on both
sides to allow traffic to flow (ipsec will not come up without policy
anyhow) and also make sure that both side...
Beware that the regexp parser in fortios seems to be partly buggy. I
once had a case where I had a regexp in url filter of which even TAC
stated it is correct but it still didn't work in url filter.
Basically that doesn't even need to be a Fortinet product. Both sslvpn
and IPSec are standardized so it would work with any vpn gateway.However
I never tried since I have fortigates as vpn gws where I need vpn.
I had issues with DNS not working in IPSec too. The culprit was that I
did set DNS Server(s) and also did set the suffix but the DNS mode was
still at auto. Since I did set that up in FortiManager that might have
been a bug in FMG.But also that could...
