Description This article explains how to enable the encryption on the
logs sent from a FortiAnalyzer to a Syslog/FortiSIEM server. Solution
Before FortiAnalyzer 6.0.0 GA it was not possible to encrypt the logs
transmitted from FortiAnalyzer to a Sysl...
DescriptionThis article describes how to disable source NAT when a
policy allows traffic between two subnets on the same interface. In this
scenario the traffic enters and leaves FortiGate via the same interface.
This causes FortiOS to automatically ...
DescriptionWhen configuring trusted hosts for all firewall
administrators ping does not reply if the source IP of the ICMP request
is not included in the trusted hosts.This article describes how to
troubleshoot this issue.SolutionConfiguring trusted ...
DescriptionOn a FortiAuthenticator cluster, if a member of the cluster
is replaced and a new member joins the cluster, an error might be
received when a FortiToken Mobile license is provisioned: "FTM
provision: HA cluster SN "FACYYYXXXXXXXXXX" error:...
DescriptionUp to FortiOS v5.2, if asymmetric routing was enabled on the
firewall, FortiOS could route a TCP flow without checking the SYN flag,
even if a session was not present in the session list. However this flow
did not create a session and once...
Most probably you pinpointed the issue. Your FortiGate F-devices come
with a NP6Xlite (SOC4) processor, which like all other NP6 units, can't
accelerate PPPoE traffic. See
Assuming the WAN interface is the ingressing interface of your traffic,
you can change the MTU only on the WAN interface and this change will be
reflected on the IPsec interfaces bonded to this physical interface as
well. No need to touch the firewal...
The debug output you display is just a reflection of your current
configuration which doesn't give any information about potential TCP
retransmissions due to lower MSS in the path. A valid test would be to
change/increase the MTU configuration of you...
Hi Zoriax,What about the MTU used on all your equipment between the
client and the FortiGate but also between the FortiGate and the server?
Are you sure you're not using Jumbo frames on these segments, when as
you mention, you have an MTU of 1500 byt...