Hello, We have a problem where we have a site who has two ISPs that do
not allow access to their DNS servers from the opposite DNS. What I' d
like to do is configure the Fortigate to be the forwarder for our on
site DNS Servers, and have the Fortigat...
Hello all, I am having a problem with one of my sites connecting into
another site. Site A is the hub in the hub-spoke. Site B is a spoke
(obviously). Site B has a primary and a secondary ISP. When Site B is
routing over its primary ISP, there are no...
Hello, How does one go about trigger an HA failover from the CLI?
Specifically, how does one go about trigger a failback to the cluster
member with the highest weight? Thanks, Matt
Hello, The CEO of the company uses only Outlook Web Access to access his
Email (preferring it over Outlook). It appears that his connection is
timing out before the timeout given by our Exchange host. They state
eight hours, we are experiencing timeo...
Hello, I know of the FortiVM virtual machine (similar to Checkpoint' s
SPlat, or homegrown firewall solutions). This is, unfortunately, a true
licensable, production device of course. I am wondering if Fortinet has
released a FortiOS emulator. Someth...
There is only one Internet Link. one Firewall. No any other proxies. I
tried with different workstations but result is same. All browsers share
same proxy settings. (No Proxy) At the moment I see this issue only by
accessing facebook. Other sites are...
This sounds like a problem with your network architecture. Can you
describe this a bit more? How many ISPs do you have at the problem site?
How many firewalls? How many other proxies?
In order to support HTTPS Deep Packet Inspection (as you have
configured), you must proxy the HTTPS connection (the firewall must be
able to create the connection, decrypt the encrypted packets, re-encrypt
and pass them to and from). So, your client ...
Cool. I had a problem yesterday where all my HTTPS inspection... just...
dropped... isolated in a single VDOM. wat. I restarted the `ssl` daemon
and it worked. So you mean you simply have " Enable Deep Scanning"
enabled in the protocol options object...
Cool. I agree, if it was the cert, it would fail globally (of course!).
Have you tried testing with a total other client like `curl`? curl
--insecure https://google.com That' s interesting, seeing:
<H1>301
Moved</H1> The document has moved here. What happen...