Description This article describes how to view the actual client IP
details in the FortiGate logs when the FortiGate is receiving the
traffic from a proxy device connected to its LAN segment. Scope
FortiGate v.6.0.0 or higher FortiGate is handling pa...
Description This article explains the format to properly add the SAN
(Subject Alternative Name) while generating CSR (Certificate Signing
Request). Scope FortiGate, FortiProxy. Solution The CSR can be generated
from System -> Certificates -> Generate...
Description This article explains how to overcome vulnerabilities
related to SSH Weak Message Authentication Code Algorithms. Scope When
doing vulnerability assessments against the FortiGate. For FortiOS
version 7.0 and upper. Solution The vulnerabil...
Description This article explains about the feasibility of managing
multiple fortilinks from GUI. Scope FortiOS 6.4.2 and later. Solution
This article describes that before version 6.4.2, it is not possible
manage/create multiple FortiLink from GUI. ...
Description This article describes how to define a policy route based on
MAC address. Scope The FortiGate should be able to see the source MAC
address as such if an L3 unit is connected downstream to FortiGate, this
will not be applicable as the sour...
Hi, Yes, This is possible. Please have a look at the below links:
Hi Walter, When VIP is configured with port forwarding, you need to
consider whether it gets triggered or not. In your case, "vip" (which
forwardis all ip) or a "vip with port-forwarding": ; effectively is the
same because you mentioned 1-65535 ports...
Hi Walter, Setting 'nat-source-vip' controls how the snat applies and is
done in the following order: 1. reverse SNAT according to the VIP if
nat-source-vip enabled; otherwise2. ippool specified in the policy (lan
to wan policy)3. reverse SNAT accord...
Hi, SDWAN has 4 implicit methods of load balancing one of which is
source-ip-based. The below link explains in brief regarding the same.
Hi, The log event is related to an IPS event: type="utm" subtype="ips"
eventtype="signature" If you are sure this signature needs to be allowed
or whitelisted, you may follow the below document which explains the
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.