Description This article describes the behavior of self-generated
traffic in FortiGate devices with regards to Virtual Routing and
Forwarding (VRF) instances. It outlines how FortiGate selects routes
when multiple paths to a specific destination exis...
Description This article describes the default behavior and settings of
'set passive' specifically in the BGP neighbor-group. Scope FortiGate.
Solution The BGP neighbor group is a collection of BGP neighbors that
share common configurations and polic...
Description This article describes how to enable and capture debug
information for troubleshooting IKE negotiation failures on a FortiGate
device. IKE debugging can be useful in identifying configuration errors,
negotiation failures, and issues relat...
Description This article describes the process of mapping an IPv4
address to an IPv6 address using NAT64. Specifically, it explains how to
configure a VIP (Virtual IP) address range where the external IPv6
address uses embedded IPv4 addresses. Scope ...
Description This article describes the steps to configure NAT66 on a
FortiGate device, including the necessary firewall policies and
configuration steps along with troubleshooting commands. Scope
FortiGate. Solution NAT66 (Network Address Translation...
Hello Tanlee, By default, SD-WAN rules will select a member only if
there’s a valid route to the destination through that member. Since your
WAN2 interface has an administrative distance (AD) of 10, and WAN1 with
administrative distance (AD) of 5; th...
Hello Salam, To differentiate connections or route traffic specifically
to various internal servers offering different services, the extport
must be configured identically in your case. In the example specified
above, the extport has been mistakenly ...
Hello Salam, To achieve this configuration on FortiGate, follow these
steps using FortiGate's Virtual IPs (VIPs) and Firewall Policies: 1.
Create VIPs: Each VIP entry maps the incoming requests on the specified
external IP (your public IP) to the des...
Hi Usman, The FortiGuard Antivirus Service uses Content Pattern
Recognition Language (CPRL) to boost both the accuracy and speed of
threat detection, going beyond what traditional signature-based methods
can offer, especially for more sophisticated t...
Hello, Yes, your understanding is correct. In order for the FortiGate
antivirus profile to scan encrypted files, SSL/SSH decryption must be
enabled to decrypt the traffic for inspection. Without decryption, the
antivirus profile cannot scan encrypted...