Hi guys, after upgrading our FortiGate Cluster to 6.2.2, I got the
following message in the dashboard: "This FortiGate has taken over for
the original master" "ha override" is enabled. So I thought, I get the
message because of the slave (lower prior...
Hi guys, I would be interested in what is the best/most reliable way to
ensure that traffic is sent into an IPsec tunnel.I.e. if I can see
outgoing Traffic within the IPsec Monitor and I also see packets when
starting a packet caputre on the VPN tunn...
Hi guys, FortiView -> All Sessions works great for us when analysing
allowed traffic. But there is never any denied traffic listed. Even if
"Log Violation Traffic" is checked within the policy settings. Is this
the expected behaviour? If not, what ot...
Hi, one of our customers asked us to configure a redundant Site-to-Site
IPsec VPN with two static IPs or DNS-Names.E.g. use IP/DNS name one to
establish the tunnel, if this IP/DNS name is not available, establish
the tunnel using IP/DNS name two. Is ...
We are still on 6.2.2 and considered the message as cosmetic issue - did
not find any way to acknowledge the message "This FortiGate has taken
over for the original master" or to hide it. Since we did not have a
power disruption, I can't say anything...
OK thanks, I see. In that case it was Fortigate to another vendor, so I
think checking if the traffic is sent over the tunnel might be the most
of what I can do. Best Regards cust0m
Thanks, looks like a very simple solution and works great :) Let's say
I'm trying to ping from 192.168.1.1 to 10.0.0.1 (no NAT involved) and I
start the sniffer on the IPsec interface. Is it guaranteed that the
traffic is sent over the tunnel, If I s...
Thank you very much for your help - we will look at the opposite end of
the tunnel. That means trying to get the tunnel working together with
our customer :)
Hi, thanks for the suggestion!For version 6.0.8, I had to change "dst"
to "daddr" and "src" to "saddr" in order to not get a syntax error. The
other commands worked. Within the log output, I could see the message
"enter IPsec interface-". So from my ...
