Technical Tip: How to disable source NAT to enable...

Stelios_FTNT · 12-28-2018

Description This article explains how to enable the encryption on the logs sent from a FortiAnalyzer to a Syslog/FortiSIEM server. Solution Before FortiAnalyzer 6.0.0 GA it was not possible to encrypt the logs transmitted from FortiAnalyzer to a Sysl...

Stelios_FTNT · 12-28-2018

Description This article describes how to disable source NAT when a policy allows traffic between two subnets on the same interface. In this scenario, the traffic enters and leaves FortiGate via the same interface. This causes FortiOS to automaticall...

Stelios_FTNT · 12-28-2018

DescriptionWhen configuring trusted hosts for all firewall administrators ping does not reply if the source IP of the ICMP request is not included in the trusted hosts.This article describes how to troubleshoot this issue.SolutionConfiguring trusted ...

Stelios_FTNT · 12-28-2018

DescriptionOn a FortiAuthenticator cluster, if a member of the cluster is replaced and a new member joins the cluster, an error might be received when a FortiToken Mobile license is provisioned: "FTM provision: HA cluster SN "FACYYYXXXXXXXXXX" error:...

Stelios_FTNT · 12-26-2017

Description This article describes how to enable the creation of a TCP session on the firewall without checking for a SYN packet. Up to FortiOS v5.2, if asymmetric routing was enabled on the firewall, FortiOS could route a TCP flow without checking t...

Stelios_FTNT · 04-04-2022

PSIRT Advisory has been published:https://fortiguard.fortinet.com/psirt/FG-IR-22-059

Stelios_FTNT · 11-25-2021

Most probably you pinpointed the issue. Your FortiGate F-devices come with a NP6Xlite (SOC4) processor, which like all other NP6 units, can't accelerate PPPoE traffic. See here:https://docs.fortinet.com/document/fortigate/7.0.1/hardware-acceleration/...

Stelios_FTNT · 11-23-2021

Assuming the WAN interface is the ingressing interface of your traffic, you can change the MTU only on the WAN interface and this change will be reflected on the IPsec interfaces bonded to this physical interface as well. No need to touch the firewal...

Stelios_FTNT · 11-23-2021

The debug output you display is just a reflection of your current configuration which doesn't give any information about potential TCP retransmissions due to lower MSS in the path. A valid test would be to change/increase the MTU configuration of you...

Stelios_FTNT · 11-23-2021

Hi Zoriax,What about the MTU used on all your equipment between the client and the FortiGate but also between the FortiGate and the server? Are you sure you're not using Jumbo frames on these segments, when as you mention, you have an MTU of 1500 byt...

User Statistics

User Activity

Technical Note: Encrypt the logs transmitted from a FortiAnalyzer to a FortiSIEM

Technical Tip: How to disable source NAT to enable a hairpin policy or one-arm firewall

Troubleshooting Tip : Ping not responding if source not in trusted hosts

Technical Note: FortiToken Mobile provisioned on FortiAuthenticator gives 'FTM provision: HA cluster SN FACYYYXXXXXXXXXX error: Product is not registered(21)'

Technical Tip: Enable the creation of a TCP session on the firewall without checking for a SYN packet

Re: CVE-2022-0778 vulnerability issue

Re: Site to site IPsec traffic very slow

Re: Site to site IPsec traffic very slow

Re: Site to site IPsec traffic very slow

Re: Site to site IPsec traffic very slow

Technical Tip: How to disable source NAT to enable...

Technical Note: Encrypt the logs transmitted from ...

Technical Tip: Enable the creation of a TCP sessio...

Re: CVE-2022-0778 vulnerability issue

Fortinet Training Institute

KCS