I ran into an issue here: I have a zone with several members. Now I need
multicast forwarding for AirPrint between two members of that
zone. Intra-zone-traffic is blocked (per default) which is wanted that
way. So any traffic has to be explicitly allow...
Hiho, there is an old bug in FortiOS and FortiManager that allows you to
set too long Phase1 names. This can cause problems when the FGT runs out
of space on creating new dialup instances due to enumeration. This
means: when you create a dial up ipse...
Just encountered this: IPSec Dial Up does allow concurrent tunnels. To
make sure it can handle each one it enumerates the tunnels. Good so
far. Though the GUI (and the FortiManager GUI also) allow you to enter
too long p1 names. If your p1 name is too l...
Hiho, I have an adom which used to be v6.2 before. As long as it was
6.2 all worked fine even after upgrading the FortiManager to v6.4. Once
I upgraded the adom (and the global adom as it provides objects that are
used in that adom) to v6.4 I canno...
I have this constellation: FGT100E with a FEX connected to it via
capwap. FGT has authorized the FEX and added a device for it. All wans
plus FEX are members of sd-wan. All wans except FEX are part of SD-WAN
health check. I kept FEX out because it shou...
Without split tunneling it should work if that default route (over the
tunnel) is the only one or has the lowest metric. The big contra of this
is that it would also send all your internet traffic through the tunnel.
So in order to still have internet...
Caveat: there is one bug in FortiOS: on dial up vpns FOS does not
subtract the digits used for the suffix from the maximum name length of
your tunnel. Since FOS supports 1000 concurrent connections the suffix
takes up to 5 digits (_xxxx). Due to that...
I guess 192.168.2.16 is the remote end of your vpn (i.e. your FGT). If
it gets that as default gw that would mean either split tunneling is not
enabled or split tunneling does not work for some reason. In this case
the routing table of your client wo...
You don't need NAT here since your FortiGate is the Gateway on both
"endpoints" and the FGT does have an interface in both subnets. NAT
might even be counterproductive here. Try to disable it. The rest of your
policies look good so far. Basically all ...