Hello, I have a VIP for the server SCMAAS01 (10.128.0.30) where the external
IP is 10.146.136.30 and the internal is 10.128.0.30. This VIP is just used
in a policy (id 49) from an IPsec tunnel (VPN_2_ETA) to the internal
interface (SERVER) for all protocols. For...
Hello. We have a Nagios server 172.20.11.158 which needs to ping/check
172.16.181.59. When I debug the traffic, we can see that the traffic is
allowed by policy-63 and a route is found via "INTERCO_OLD_DC". I have never
seen the traffic after routing on the r...
Hello all, I found a very strange behavior. I have a Fortigate with VDOM
enabled. In my VDOM named C1_INFRA, I have some VLAN interfaces. Each of
these VLAN interfaces has PING access enabled. The VLAN interface is
always the gateway for the subnet. ...
Hi guys! I asked myself about best practices and recommendations for
the basic configuration of logging on low-end Fortigates (30E -> 100E,
for example). I bought a lot of Fortigates with a hard disk to be able
to save logs on disk instead of RAM. Bu...
Hello all! I have a personal FortiWifi 30E running 5.6.2 and I
experienced some issues with Whatsapp. I have a policy that allows my
local subnet to go outside using HTTP/HTTPS/DNS and some other ICMP
protocol. I installed a lot of firewalls for some c...
Hello! I noticed the same problem using Fortigate VM01V. I tried all
releases from 6.0.9 to 6.4.1 but we are unable to correctly bookmark an
RDS farm with a broker. My workaround is to use a HAproxy in front of
RDS then create the RDP bookmark to HApr...
Hello. I have the same problem. I am running 5.6.x and strong crypto is
enabled, admin-ssh-v1 disable, but a lot of weak crypto is still present.
I opened a ticket with support. I think you can set to "disable" the
global setting "ssh-kex-sha1" to prev...
Hello. I found a workaround for this problem. I created a DoS Policy for
my Nagios server to allow ICMP traffic with a higher limit... I am not
sure that it is the best solution, but it seems to be working for me.
Yes, and I guess I found my problem: when using a VIP without Port
Forwarding enabled, the Internal IP address in the Mapped field would be
translated to the IP address configured as the External Address in the
VIP settings. I need to specify port-forwa...
No... I have dozens of other servers in the same VLAN and all are working
fine. This server has a problem because it is the only one that has a VIP
and specific NAT on it.