Description This article describes sets to configure interface
monitoring on a Fortinet High Availability (HA) cluster. Scope FortiOS.
Solution When a monitored interface goes down, it triggers a failover,
which causes the cluster to renegotiate and ...
Description This article describes the behavior and configuration
details for setting the MTU on VXLAN interfaces when using a physical or
loopback interface as the underlying interface. This document also
provides step-by-step guidance on adjusting ...
Description This article describes that in OSPF, Type 5 LSAs
(AS-external-LSA) are used to advertise external routes into the OSPF
domain. When a route is redistributed into OSPF from BGP, the default
behavior is to set the next-hop IP address of the...
Description This article describes the behavior of self-generated
traffic in FortiGate devices with regards to Virtual Routing and
Forwarding (VRF) instances. It outlines how FortiGate selects routes
when multiple paths to a specific destination exis...
Description This article describes the default behavior and settings of
'set passive' specifically in the BGP neighbor-group. Scope FortiGate.
Solution The BGP neighbor group is a collection of BGP neighbors that
share common configurations and polic...
Hello Tanlee, By default, SD-WAN rules will select a member only if
there’s a valid route to the destination through that member. Since your
WAN2 interface has an administrative distance (AD) of 10, and WAN1 with
administrative distance (AD) of 5; th...
Hello Salam, To differentiate connections or route traffic specifically
to various internal servers offering different services, the extport
must be configured identically in your case. In the example specified
above, the extport has been mistakenly ...
Hello Salam, To achieve this configuration on FortiGate, follow these
steps using FortiGate's Virtual IPs (VIPs) and Firewall Policies: 1.
Create VIPs: Each VIP entry maps the incoming requests on the specified
external IP (your public IP) to the des...
Hi Usman, The FortiGuard Antivirus Service uses Content Pattern
Recognition Language (CPRL) to boost both the accuracy and speed of
threat detection, going beyond what traditional signature-based methods
can offer, especially for more sophisticated t...
Hello, Yes, your understanding is correct. In order for the FortiGate
antivirus profile to scan encrypted files, SSL/SSH decryption must be
enabled to decrypt the traffic for inspection. Without decryption, the
antivirus profile cannot scan encrypted...
