Technical Tip: FortiGuard Overview and Troubleshoo...

Sachin_Alex_Cherian_ · 08-23-2024

Description This article describes that FortiGate is now capable of handling the QUIC/TLS handshake and performing deep inspection or certificate inspection for HTTP3 and QUIC traffic. Scope FortiGate and FortiProxy running 7.4.1 or higher. Solution ...

Sachin_Alex_Cherian_ · 03-01-2024

Description This article describes every aspect of FortiGuard-related communications initiated from a device such as FortiGate. Scope FortiGuard - Introduction: FortiGuard Subscriptions/Services. FortiGuard Methods - Live Querying vs Databases: Live ...

Sachin_Alex_Cherian_ · 01-08-2024

Description This article describes how to log and monitor the single CPU core usage spike. Scope FortiGate with multiple CPU cores; FortiOS version 7.2.4 and above. Solution The System event generally records the CPU usage every 5 minutes by default ...

Sachin_Alex_Cherian_ · 06-28-2022

Description This article describes how to view the actual client IP details in the FortiGate logs when the FortiGate receives traffic from a proxy device connected to its LAN segment. Scope FortiGate v.6.0.0 or higher. FortiGate is handling pass-thro...

Sachin_Alex_Cherian_ · 05-30-2022

Description This article explains the format to properly add the SAN (Subject Alternative Name) while generating CSR (Certificate Signing Request). Scope FortiGate, FortiProxy. Solution The CSR can be generated from System -> Certificates -> Generate...

Sachin_Alex_Cherian_ · 07-10-2024

Hello, Can you check if you have anycast disabled under 'config system fortiguard'. Also check globalgip.fortinet.net can be resolved by FGT system DNS. Another alternative command to use would be diagnose geoip ip2country I was able to find the bel...

Sachin_Alex_Cherian_ · 04-02-2023

Hi, Yes, This is possible. Please have a look at the below links: https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-configure-an-IPsec-tunnel-in-interface/ta-p/191808 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-prac...

Sachin_Alex_Cherian_ · 03-30-2023

Hi Walter, When VIP is configured with port forwarding, you need to consider whether it gets triggered or not. In your case, "vip" (which forwardis all ip) or a "vip with port-forwarding": ; effectively is the same because you mentioned 1-65535 ports...

Sachin_Alex_Cherian_ · 03-27-2023

Hi Walter, Setting 'nat-source-vip' controls how the snat applies and is done in the following order: 1. reverse SNAT according to the VIP if nat-source-vip enabled; otherwise2. ippool specified in the policy (lan to wan policy)3. reverse SNAT accord...

Sachin_Alex_Cherian_ · 03-23-2023

Hi, SDWAN has 4 implicit methods of load balancing one of which is source-ip-based. The below link explains in brief regarding the same. https://docs.fortinet.com/document/fortigate/6.2.13/cookbook/683285/selecting-the-implicit-sd-wan-algorithm Have ...

User Statistics

User Activity

Technical Tip : QUIC / HTTP3 support for certificate and deep inspection

Technical Tip: FortiGuard Overview and Troubleshooting

Technical Tip: Enable logging for single core CPU spike against System Event logs

Technical Tip: How to view/log actual client IP on FortiGate when traffic is received from a proxy server

Technical Tip: Adding SAN (Subject Alternative Name) while generating CSR (Certificate Signing Request)

Re: Getting an error when running the command 'diagnose geoip geoip-query <public ip>'

Re: FortiGate with IPSec VPN bounded to the loopback/lan interface

Re: VIP (DNAT) effect on SNAT behavior

Re: VIP (DNAT) effect on SNAT behavior

Re: SDWAN tuning

Technical Tip: FortiGuard Overview and Troubleshoo...

Technical Tip: Adding SAN (Subject Alternative Nam...

Re: Getting an error when running the command 'dia...

Re: how to block 5000 public IP

Technical Tip: Enable logging for single core CPU ...

Re: VIP (DNAT) effect on SNAT behavior

Re: HTTP.Server.Authorization.Buffer.Overflow ques...

Re: Dialup VPN : Strange tracroute

Re: Dialup VPN : Strange tracroute

KCS

Fortinet Training Institute