Fortinet Community

journeyman · 04-11-2022

On a FGT60E running FortiOS v6.4, is there a way to create a "switch" with interface members internal2 and vlan_xyz? Once we have the two interfaces bridged we wish to control (typically, block) multicast propagation between the two. In FortiOS 6.4 I...

journeyman · 07-11-2021

We have two devices thing1 and thing2 on the dmz interface of a 60E. The devices are on different subnets. VIP access to thing1 is working fine, but thing2 fails with what looks like a routing issue that I can't sort out.Relevant config:config system...

journeyman · 04-22-2021

We have a static route to a /32 that we wish to redistribute into ospf, but we want to keep that route out of area 0. TAC advises that config ospf > config area > config filter-list only applies to LSA Type 3, but redistributed routes are LSA Type 5 ...

journeyman · 03-25-2019

A vxlan encapsulated ipsec tunnel runs inside an outer ipsec tunnel which also carries ospf. The outer tunnel is working fine. The vxlan tunnel reports it is up but traffic does not pass. Firmware is 5.6.7. Looking for comments and tips on how to dia...

journeyman · 02-13-2019

How can we build policies to (or otherwise) block or allow specific ethertype traffic to traverse a switch-interface "soft switch" which has intra-switch-policy = explicit? We have bridged two 60E FGT units running 5.6 such that internal1 on FGT1 and...

journeyman · 06-02-2022

Old thread, exactly same question.I already realised my advertised host IP did not match the routing table so I created a blackhole route, but after that traffic is not forwarded by the matching policy because `reverse check fail, drop` ie the source...

journeyman · 04-12-2022

Thank you for your reply. The aim is managed switch-like behaviour, for the physical port to become an edge port on the vlan and ideally appear to users as just another port, and we would then have the ability to block multicast by policy assuming we...

journeyman · 07-22-2021

omg how embarrassing. Thank you for pointing that out, what I pity I didn't see it myself. To get going we removed the config for thing2, redirected thing1 config to thing2 (correctly this time) and got in that way. the task was to re-address thing2 ...

journeyman · 07-11-2021

I have not had an issue logging into a VM however I believe you could edit the text file you are loading into the VM to remove / reset the password as in:config system admin edit "admin" set password SomePassword # not set password ENC ... next endOr...

journeyman · 10-08-2020

In general outgoing services from a FGT default to the outgoing interface IP.For many of these services the IP can be changed (eg to a loopback IP). This can be done for ntp, snmp, syslog at least.This looks to be applicable to radius as well:config ...

Fortinet Community

User Statistics

User Activity

How to bridge or make a switch between a physical port and a vlan interface?

vip fails, flow shows strange route

any way to apply an ospf area filter to a redistributed route?

how to diagnose vxlan ipsec tunnel within another ipsec tunnel?

How to block / allow packets through a soft switch based on ethertype?

Re: [Help] BGP advertise single host

Re: How to bridge or make a switch between a physical port and a vlan interface?

Re: vip fails, flow shows strange route

Re: Transfert config from physical to a virtual. FG1100E to VM64-KVM

Re: Fortigate as a Radius Client

Re: Create or clone policy via CLI without needing...

Re: deploy ips signature file using scp or simila...

Re: Move subinterface to a different physical int...

News & Articles

Security Research

Company

Contact Us