Re: msg="iprope_in_check() check failed on policy...

ede_pfau · 08-27-2022

FortiOS v6.4.10 has been released:https://docs.fortinet.com/document/fortigate/6.4.10/fortios-release-notes/760203/introduction-and-supported-models

ede_pfau · 11-25-2020

hi, today I set up email alerts for various events (so, event based and not severity level based), and I am missing a setting for hardware failure events, you know, fans, PSU, temperature. A look into the CLI didn't help.Am I thinking too hard, and t...

ede_pfau · 03-02-2019

Hello fellows, for simplicity, I often use my private SSH key to log in into my local admin account on various FGTs (I mean, CLI access via SSH). Now, if instead of a local admin account I use a wildcard admin account against LDAP/MS AD in the backgr...

ede_pfau · 08-31-2016

hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode. Each cluster member is at a different location, HA links are across a dedicated line. On each site, there is one Cisco access router (19xx) in front of the FGT providing WAN access...

ede_pfau · 08-12-2016

hello all, I'm planning to place the slave unit of a Fortigate HA cluster into a remote location. There is a leased line (layer 2) for the HA connect. Can anybody confirm that I can run the HA traffic across a VLAN between the access switches on each...

ede_pfau · 11-27-2025

You cannot use 'ping' to test a port-forwarding VIP. ICMP is a portless protocol.Which host is 172.16.0.1? There is no connectivity in the subnet.Do you use VLANs? If so, inbound and outbound traffic to/from a FGT on a VLAN interface is always tagged...

ede_pfau · 11-26-2025

IMHO the policy does not allow this traffic.It needs to allow HTTP (port 80) and your custom service (tcp/10020). Please give it a try. If unsuccessful, run a 'diag debug flow' to see what happens. Post it here for interpretation.

ede_pfau · 11-26-2025

The second phase2 selector is not up (10.131.88.222 <> 192.168.20.0). Most often this is because the other side doesn't accept it, or the policy on your side.

ede_pfau · 11-23-2025

Eh, why is that "not practical"?? It's a job for an intern, if you have one. /sIf you stick with static routes, just create one address object for each /24, check the "routeable" property, and then collect them all into a routable address group. Use ...

ede_pfau · 11-23-2025

hi, as this is about the default route (0.0.0.0/0), the PC needs a second default route not as attractive as the VPN but still more attractive as the local LAN router. And that would be a blackhole route, discarding all traffic.Example:the default ro...

User Statistics

User Activity

FortiOS v6.4.10 is out

email alerts for hardware events

Admin auth per SSH key and LDAP

Synchronizing FGT HA with Cisco VRRP

HA over VLAN to remote FGT?

Re: fortigate virtual ip cant access from outside

Re: fortigate virtual ip cant access from outside

Re: show phase 2 status up/down fortigate 200F v7.4.8

Re: FortiOS 7.4 — Best way to route 100+ subnets into an IPsec SD-WAN zone?

Re: ZTNA Off-Fabric user blocking internet

Re: msg="iprope_in_check() check failed on policy...

Re: Create 2 Tunnel from 1 device

Re: Traffic match with wrong Schedule

Re: FortiClient interrupting BUEXEC backups on exc...

Re: Update firmware from cli tftp: error code -39

Re: FortiAnalyzer 7.6.4 on Azure: Daily Log Limit ...

Re: Creating a NAT in Fortigate 120G

Re: Comcast increased my WAN speed to 1100 Mbps an...

Re: Reachability Issue Between Head Office and Bra...

Re: Generated Heat Value in kW for 124F-POE and 14...

Fortinet Training Institute

Super User

User Statistics

User Activity

You are leaving our website