Technical Tip: FortiGate OSPF – Effect of 'databas...

akileshc · 11-14-2025

Description This article describes a common configuration mistake when forwarding SSL VPN traffic into an IPsec tunnel in Hub-and-Spoke deployments using dynamic routing. Scope FortiOS. Solution Administrators often configure a loopback interface wit...

akileshc · 11-13-2025

Description This article explains how to configure a FortiGate load balancer to forward traffic to the same backend server that listens on multiple ports. Scope FortiGate. Solution It is not possible to configure multiple real servers with the same I...

akileshc · 11-03-2025

Description This article describes how to use BGP communities and route maps to control route advertisement in a Dual HUB ADVPN setup. The solution ensures that spokes with a single ISP connection do not receive routes with a next-hop IP that is only...

akileshc · 10-24-2025

Description This article describes the behavior when virtual-patch is enabled in a local-in policy, ICMP response packets may egress through a different interface than the one they were received on. Scope FortiGate running FortiOS version 7.2.9, 7.2....

akileshc · 07-21-2025

Description This article explains why the 'Interface Per View' option is not available on the Virtual Wire Pair Policy page in FortiGate. This behavior is part of the current design. Scope FortiGate v7.6.0 and above. Solution On the Virtual Wire Pair...

akileshc · 11-24-2025

Hi Maryann, You’ve applied the DSCP marking correctly on the traffic shaper, and your understanding is right — that method only marks the Layer-3 outer IP header. Since VXLAN encapsulates the original frame at Layer-2, the FortiGate does not provide ...

akileshc · 11-13-2025

Dear Daniyal, When using FortiManager SD-WAN overlay templates, the configuration is template-driven, meaning FortiManager generates and pushes the overlay setup (including tunnels, BGP, and related interfaces) to the participating devices. Since you...

akileshc · 10-27-2024

Hello Tanlee, By default, SD-WAN rules will select a member only if there’s a valid route to the destination through that member. Since your WAN2 interface has an administrative distance (AD) of 10, and WAN1 with administrative distance (AD) of 5; th...

akileshc · 10-27-2024

Hello Salam, To differentiate connections or route traffic specifically to various internal servers offering different services, the extport must be configured identically in your case. In the example specified above, the extport has been mistakenly ...

akileshc · 10-27-2024

Hello Salam, To achieve this configuration on FortiGate, follow these steps using FortiGate's Virtual IPs (VIPs) and Firewall Policies: 1. Create VIPs: Each VIP entry maps the incoming requests on the specified external IP (your public IP) to the des...

User Statistics

User Activity

Technical Tip: Common mistake when forwarding SSL VPN Traffic Into IPsec tunnel in dynamic routing deployments

Technical Tip: Configuring multiple ports for the same real server in FortiGate load balancing

Technical Tip : Configuring BGP Community-Based Route Filtering for Single-ISP Spokes in a Dual HUB ADVPN Network

Technical Tip: ICMP Responses do not follow the incoming interface for Traffic directed to FortiGate when Virtual-patch is enabled

Technical Tip: Interface Per View is not supported for Virtual Wire Pair (VWP) policies

Re: DSCP Marking on the IPv4 frame within a VXLAN interface

Re: Fortigate Dual Hub Using sdwan and Fortimanager

Re: FG 81E - SD-wan rule with manual select member does not hit.

Re: Publishsing multiple Web sites using FortiGate and FortiWeb and only one public IP

Re: Publishsing multiple Web sites using FortiGate and FortiWeb and only one public IP

Technical Tip: FortiGate OSPF – Effect of 'databas...

Technical Tip: Configuring NAT64 using External IP...

Re: Invalid DHCP range. Start address is greater t...

Re: How to show current foreground/background acti...

Re: Hub and Spoke SDWAN? (remote and local IP on v...

Re: Multicast Issue in Layer 2: VLC Not Receiving ...

Re: Invalid DHCP range. Start address is greater t...

Re: Please Help Me Get Fiber IPv6 working

Re: Why is an event marked as Unhandled if DNS req...

Re: Fortigate60D, following file is found.

KCS

User Statistics

User Activity

You are leaving our website