hi, today I set up email alerts for various events (so, event based and
not severity level based), and I am missing a setting for hardware
failure events, you know, fans, PSU, temperature. A look into the CLI
didn't help.Am I thinking too hard, and t...
Hello fellows, for simplicity, I often use my private SSH key to log in
into my local admin account on various FGTs (I mean, CLI access via
SSH). Now, if instead of a local admin account I use a wildcard admin
account against LDAP/MS AD in the backgr...
hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode.
Each cluster member is at a different location, HA links are across a
dedicated line. On each site, there is one Cisco access router (19xx) in
front of the FGT providing WAN access...
hello all, I'm planning to place the slave unit of a Fortigate HA
cluster into a remote location. There is a leased line (layer 2) for the
HA connect. Can anybody confirm that I can run the HA traffic across a
VLAN between the access switches on each...
Do not rejoice too early, as IPsec VPN traffic protocols are not so
difficult to detect, and to block.As a hint, since FortiOS v7.0, you can
change the default VPN ports (and 4500) to _one_ custom port. The other,
receiving site just has to know and ...
Protecting VPN traffic with blackhole routes has been discussed earlier
in this
forum:https://community.fortinet.com/t5/Support-Forum/Re-evaluate-sessions/m-p/7866?m=120834#120872
In my post, I've provided a batch script which configures blackhole
ro...
On the FGT side, most best practices mentioned also apply:- create
address objects for the networks to be proteced, and those on the CPto
be used here:- in the phase2- in static route- in the policyThis way,
you only have to edit one central object t...
Firstly, as kaman mentioned, there is a switch in the upper right corner
of the web page "By sequence" which switches off interface-pair
grouping.Apart from getting a quick overview (for instance, which
policies use a specific security profile, or NA...