Description This article describes that after enabling DPDK high CPU
usage can be observed. Scope FortiGate. Solution After enabling DPDK
high CPU usage (up to 100%) can be observed. All CPU cores will be
loaded by ipsengine. This is an expected beha...
Description This article describes why the IPsec tunnel between
FortiGate and iOS/iPadOS devices is terminated when the iOS/iPadOS
device screen is locked. Scope FortiOS, iOS, iPadOS. Solution It is
expected behavior that the IPsec tunnel between For...
Description This article explains details about port combination link
aggregation group (LAG) support for FortiGate-600F and 601F hardware
platforms. Scope Any supported version of FortiGate. Solution Both the
FortiGate-600F and 601F platforms suppor...
Description This article explains details about the output of get system
performance status. Scope FortiGate. Solution This article will use the
following example output from the get system performance status command:
get system performance status CP...
DescriptionThis article describes how to sniff traffic on MacOS using
Wireshark.ScopeFor MacOS.SolutionMany Fortinet customers are running
MacOS. While troubleshooting Fortinet TAC may ask to sniff the traffic
on the PC running MacOS.In order to snif...
Hello, You may find useful KBs below: FGCP:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/849059/ha-heartbeat-interface
("Configuring HA heartbeat encryption and authentication" section) FGSP:
https://community.fortinet.com/t5/Customer...
Hello, You may find useful the article below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Remote-browsing-over-IPSec-VPN-tunnel/ta-p/190719
Hello, Both options are possible. Secondary IP address can be used for
IPsec tunnel:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-IPsec-VPN-settings-on-a-secondary/ta-p/189807
Secondary IP address can be used as VIP:
htt...
Hello, On firewall side everything looks good. I can see that firewall
policy 7 is matched. ICMP packet is received (TONY-VPN) and sent out
(interface lan). However firewall doesn't receive ICMP reply. I would
recommend to check whether ICMP is filte...
Hello, I think that IPsec wizard "Site to Site" -> "This site is behind
NAT" (for both units) will work as long as port forwarding is configured
properly on both 5G routers.