hi, today I set up email alerts for various events (so, event based and
not severity level based), and I am missing a setting for hardware
failure events, you know, fans, PSU, temperature. A look into the CLI
didn't help.Am I thinking too hard, and t...
Hello fellows, for simplicity, I often use my private SSH key to log in
into my local admin account on various FGTs (I mean, CLI access via
SSH). Now, if instead of a local admin account I use a wildcard admin
account against LDAP/MS AD in the backgr...
hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode.
Each cluster member is at a different location, HA links are across a
dedicated line. On each site, there is one Cisco access router (19xx) in
front of the FGT providing WAN access...
hello all, I'm planning to place the slave unit of a Fortigate HA
cluster into a remote location. There is a leased line (layer 2) for the
HA connect. Can anybody confirm that I can run the HA traffic across a
VLAN between the access switches on each...
well, if you see that traffic is allowed, then you have a valid session.
I would either look at the session data in FortiView, or use the policy
finder tool in the Policy Table to determine the policy which the
traffic follows.You didn't mention if y...
In case you try to connect from a different subnet, you need to install
a default route first:conf sys routeedit 0set dstint port1set dest
0.0.0.0/0set gateway x.x.x.xnextend(from memory, you'll find the exact
syntax, it's similar to FortiOS).Of cour...
You need to get recommendations from two FTNT employees. Thus, it's far
easier for a partner of become a member, by contacting their channel
account mgrs. But, getting back to your request, I'm not sure if you'd
really need to get into the API. Have ...
Exactly, use VIPs (DNAT) to "expose" your internal servers, not
secondary IPs. The latter would just point to the FGT, not to any
server.If you set up the 2 policies correctly, outbound traffic (which
is not reply traffic) will be re-translated to th...
Wonder why nobody mentions the "link monitor". You can set up a link
monitor, using ping or TCP handshake or other means, to monitor a remote
server/target. Which in your case would be the other HA cluster. If
detected, the link monitor can trigger a...