Re: msg="iprope_in_check() check failed on policy...

ede_pfau · 08-27-2022

FortiOS v6.4.10 has been released:https://docs.fortinet.com/document/fortigate/6.4.10/fortios-release-notes/760203/introduction-and-supported-models

ede_pfau · 11-25-2020

hi, today I set up email alerts for various events (so, event based and not severity level based), and I am missing a setting for hardware failure events, you know, fans, PSU, temperature. A look into the CLI didn't help.Am I thinking too hard, and t...

ede_pfau · 03-02-2019

Hello fellows, for simplicity, I often use my private SSH key to log in into my local admin account on various FGTs (I mean, CLI access via SSH). Now, if instead of a local admin account I use a wildcard admin account against LDAP/MS AD in the backgr...

ede_pfau · 08-31-2016

hello all, I've got a pair of FG-200B running v4.3.18 in A-P HA mode. Each cluster member is at a different location, HA links are across a dedicated line. On each site, there is one Cisco access router (19xx) in front of the FGT providing WAN access...

ede_pfau · 08-12-2016

hello all, I'm planning to place the slave unit of a Fortigate HA cluster into a remote location. There is a leased line (layer 2) for the HA connect. Can anybody confirm that I can run the HA traffic across a VLAN between the access switches on each...

ede_pfau · 09-04-2025

Nice find, thanks for sharing. Would you be so kind to open a support case to make FTNT aware of this bug? Apparently, an internal table (translating a name string to a tunnel ID) will only be refreshed if other changes are made. Just copy&paste your...

ede_pfau · 09-04-2025

I'm sorry to say that a FGT-VM is not elegible in the Trade-Up program. You will have to choose your hardware 'from scratch'. At least, chances are good that you can reuse the config after some slight modifications like changes in port names. With Fo...

ede_pfau · 09-03-2025

jinja2 is the way to go. Maybe you could post an example and I'll try to give you a hint. One obstacle is that you cannot directly script on the global or ADOM database. I've worked around that by scripting addresses on a Fortigate, and re-import it'...

ede_pfau · 09-03-2025

If both sides/sites use Fortigates, I'd use an address group as 'named address'. Make it routeable, right from the start. Then I use it in- phase2- policy- static route And for 60 s2s VPNs, use a template and script it, along with the address groups....

ede_pfau · 08-07-2025

that is correct, when the script is started it is "virgin".From your answer I guess you refer to a VDOM named "vpn"?Glad that it now works for you, maybe your answer will help others in this respect.

User Statistics

User Activity

FortiOS v6.4.10 is out

email alerts for hardware events

Admin auth per SSH key and LDAP

Synchronizing FGT HA with Cisco VRRP

HA over VLAN to remote FGT?

Re: Possible Bug: VPN Tunnel Name Change causes Firewall Policies to not work

Re: migrate fortigate VM NGFW license to physical device

Re: FortiManager: Find and Replace Address Objects with automated

Re: IPsec Phase 2

Re: "Configuration File Error" when trying to upload CLI script - works fine on CLI?

Re: msg="iprope_in_check() check failed on policy...

Re: Create 2 Tunnel from 1 device

Re: Traffic match with wrong Schedule

Re: FortiClient interrupting BUEXEC backups on exc...

Re: Update firmware from cli tftp: error code -39

Re: Comcast increased my WAN speed to 1100 Mbps an...

Re: Reachability Issue Between Head Office and Bra...

Re: Generated Heat Value in kW for 124F-POE and 14...

Re: FortiClient interrupting BUEXEC backups on exc...

Re: Create an APP Signature for Forcepoint

Super User

Fortinet Training Institute

User Statistics

User Activity

You are leaving our website