Fortinet Community

Sachin_Alex_Cherian_ · 06-28-2022

Description This article describes how to view the actual client IP details in the FortiGate logs when the FortiGate is receiving the traffic from a proxy device connected to its LAN segment. Scope FortiGate v.6.0.0 or higher FortiGate is handling pa...

Sachin_Alex_Cherian_ · 05-30-2022

Description This article explains the format to properly add the SAN (Subject Alternative Name) while generating CSR (Certificate Signing Request). Scope FortiGate, FortiProxy. Solution The CSR can be generated from System -> Certificates -> Generate...

Sachin_Alex_Cherian_ · 05-17-2022

Description This article explains how to overcome vulnerabilities related to SSH Weak Message Authentication Code Algorithms. Scope When doing vulnerability assessments against the FortiGate. For FortiOS version 7.0 and upper. Solution The vulnerabil...

Sachin_Alex_Cherian_ · 04-20-2022

Description This article explains about the feasibility of managing multiple fortilinks from GUI. Scope FortiOS 6.4.2 and later. Solution This article describes that before version 6.4.2, it is not possible manage/create multiple FortiLink from GUI. ...

Sachin_Alex_Cherian_ · 03-02-2022

Description This article describes how to define a policy route based on MAC address. Scope The FortiGate should be able to see the source MAC address as such if an L3 unit is connected downstream to FortiGate, this will not be applicable as the sour...

Sachin_Alex_Cherian_ · 04-02-2023

Hi, Yes, This is possible. Please have a look at the below links: https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-configure-an-IPsec-tunnel-in-interface/ta-p/191808 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-prac...

Sachin_Alex_Cherian_ · 03-30-2023

Hi Walter, When VIP is configured with port forwarding, you need to consider whether it gets triggered or not. In your case, "vip" (which forwardis all ip) or a "vip with port-forwarding": ; effectively is the same because you mentioned 1-65535 ports...

Sachin_Alex_Cherian_ · 03-27-2023

Hi Walter, Setting 'nat-source-vip' controls how the snat applies and is done in the following order: 1. reverse SNAT according to the VIP if nat-source-vip enabled; otherwise2. ippool specified in the policy (lan to wan policy)3. reverse SNAT accord...

Sachin_Alex_Cherian_ · 03-23-2023

Hi, SDWAN has 4 implicit methods of load balancing one of which is source-ip-based. The below link explains in brief regarding the same. https://docs.fortinet.com/document/fortigate/6.2.13/cookbook/683285/selecting-the-implicit-sd-wan-algorithm Have ...

Sachin_Alex_Cherian_ · 03-22-2023

Hi, The log event is related to an IPS event: type="utm" subtype="ips" eventtype="signature" If you are sure this signature needs to be allowed or whitelisted, you may follow the below document which explains the same: https://community.fortinet.com/...

Fortinet Community

User Statistics

User Activity

Technical Tip: How to view/log actual client IP on FortiGate when traffic is received from a proxy server

Technical Tip : Adding SAN(Subject Alternative Name) while generating CSR(Certificate Signing Request)

Technical Tip: How to avoid the use of SSH Weak Message Authentication Code Algorithms

Technical Tip: Manage multiple FortiLink from GUI

Technical Tip: MAC address based policy route

Re: FortiGate with IPSec VPN bounded to the loopback/lan interface

Re: VIP (DNAT) effect on SNAT behavior

Re: VIP (DNAT) effect on SNAT behavior

Re: SDWAN tuning

Re: HTTP.Server.Authorization.Buffer.Overflow question

Re: how to block 5000 public IP

Technical Tip : Adding SAN(Subject Alternative Nam...

Re: Use MGMT interface as source-ip for radius

Re: Dialup VPN : Strange tracroute

Technical Tip: Best Practices for firmware upgrade...

Re: VIP (DNAT) effect on SNAT behavior

Re: HTTP.Server.Authorization.Buffer.Overflow ques...

Re: Dialup VPN : Strange tracroute

Re: Dialup VPN : Strange tracroute

Fortinet Training Institute

KCS