Heyho, just ran into this: On my FortiManager in an adom I added an
IPSec VPN provisioning template in device manager. This has a phase1 and
also a phase2. I had no problems with phase1. But I do have a big
problem with phase2: I need to enter the sel...
Just ran into this issue and wanted to let you know: If on a policy the
security profiles is disabled (which is the Fortinet default if all
filters are empty) you are still forced to enter an SSL inspection
profile. However if the profiles are disabled...
Following constellation: FortiGate with FOS 7.2.10, FortiClient 7.2.5 on
Windows. IPsec tunnel with psk and xauth against ldap usergroup on
Authenticator and mode config. Behavior:
- Tunnel connects
- does psk auth and proposals
- does mode config
- gets ...
This recently has happened to us with our own Website and all our FGT.
When one tries to access our website all one gets in Chrome is a QUIC
Protocol error. Looking at Chrome's netlog on a client affected I saw
that it tried to use Cloudflare's ECH P...
We are planning to upgrade a bunch of FGT100F to 7.2.10 very soon. The
official upgrade path states that this can be done in one single step.
Did anyone already do that and did you experience any problems
afterwards? Or was that just related to FOS <=...
hm losing your credentials is always a bad thing. There are only two ways
to do a factory reset without having credentials: a) use the reset button
(if there is one. Not all FortiGates have it). Press it for some secs
within a min after bootup to reset...
that depends on your ISP. However you must connect every cluster node to
that wan. That alone might require a switch or router in between to have
enough ports. In our case (that's active-passive cluster here anyways) the
ISP router/box only gives us on...
just as a tip: ping is kernel based while http(s) is a service. So ping
may work but http(s) may not. In this case you could try to debug it on
cli with something like
dia debug enable
dia debug app httpd/httpsd
this will give you some debug log output tha...
Since DHCP is UDP broadcasting that can only work within a
subnet/Interface (except if you relay it) this is so-called
net-internal-traffic. That will not hit any policy. Your FGT will just
receive the broadcasted DHCPDISCOVER and answers it with a D...