On a FGT60E running FortiOS v6.4, is there a way to create a "switch"
with interface members internal2 and vlan_xyz? Once we have the two
interfaces bridged we wish to control (typically, block) multicast
propagation between the two. In FortiOS 6.4 I...
We have two devices thing1 and thing2 on the dmz interface of a 60E. The
devices are on different subnets. VIP access to thing1 is working fine,
but thing2 fails with what looks like a routing issue that I can't sort
out. Relevant config: config system...
We have a static route to a /32 that we wish to redistribute into ospf,
but we want to keep that route out of area 0. TAC advises that config
ospf > config area > config filter-list only applies to LSA Type 3, but
redistributed routes are LSA Type 5 ...
A vxlan encapsulated ipsec tunnel runs inside an outer ipsec tunnel
which also carries ospf. The outer tunnel is working fine. The vxlan
tunnel reports it is up but traffic does not pass. Firmware is 5.6.7.
Looking for comments and tips on how to dia...
How can we build policies to (or otherwise) block or allow specific
ethertype traffic to traverse a switch-interface "soft switch" which has
intra-switch-policy = explicit? We have bridged two 60E FGT units
running 5.6 such that internal1 on FGT1 and...
Old thread, exactly the same question. I already realised my advertised host
IP did not match the routing table so I created a blackhole route, but
after that traffic is not forwarded by the matching policy because
`reverse check fail, drop` i.e. the source...
Thank you for your reply. The aim is managed switch-like behaviour, for
the physical port to become an edge port on the vlan and ideally appear
to users as just another port, and we would then have the ability to
block multicast by policy assuming we...
omg how embarrassing. Thank you for pointing that out, what a pity I
didn't see it myself. To get going we removed the config for thing2,
redirected thing1 config to thing2 (correctly this time) and got in that
way. The task was to re-address thing2 ...
I have not had an issue logging into a VM however I believe you could
edit the text file you are loading into the VM to remove / reset the
password as in: config system admin edit "admin" set password
SomePassword # not set password ENC ... next end Or...
In general outgoing services from a FGT default to the outgoing
interface IP. For many of these services the IP can be changed (e.g. to a
loopback IP). This can be done for ntp, snmp, syslog at least. This looks
to be applicable to radius as well: config ...