Description This article describes how to use BGP communities and route
maps to control route advertisement in a Dual HUB ADVPN setup. The
solution ensures that spokes with a single ISP connection do not receive
routes with a next-hop IP that is only...
Description This article describes the behavior when virtual-patch is
enabled in a local-in policy, ICMP response packets may egress through a
different interface than the one they were received on. Scope FortiGate
running FortiOS version 7.2.9, 7.2....
Description This article explains why the 'Interface Per View' option is
not available on the Virtual Wire Pair Policy page in FortiGate. This
behavior is part of the current design. Scope FortiGate v7.6.0 and
above. Solution On the Virtual Wire Pair...
Description This article describes thehow to resolve the issue of SSL
VPN requests being dropped by the FortiGate. The problem occurs when the
firewall does not respond to requests on port 10443, despite the
local-in policy being configured to allow ...
Description This article describes the behavior when the
database-filter-out option is enabled on a FortiGate OSPF interface.
Scope FortiGate (All supported models/firmware). Solution The
database-filter-outOption option suppresses the transmission o...
Hello Tanlee, By default, SD-WAN rules will select a member only if
there’s a valid route to the destination through that member. Since your
WAN2 interface has an administrative distance (AD) of 10, and WAN1 with
administrative distance (AD) of 5; th...
Hello Salam, To differentiate connections or route traffic specifically
to various internal servers offering different services, the extport
must be configured identically in your case. In the example specified
above, the extport has been mistakenly ...
Hello Salam, To achieve this configuration on FortiGate, follow these
steps using FortiGate's Virtual IPs (VIPs) and Firewall Policies: 1.
Create VIPs: Each VIP entry maps the incoming requests on the specified
external IP (your public IP) to the des...
Hi Usman, The FortiGuard Antivirus Service uses Content Pattern
Recognition Language (CPRL) to boost both the accuracy and speed of
threat detection, going beyond what traditional signature-based methods
can offer, especially for more sophisticated t...
Hello, Yes, your understanding is correct. In order for the FortiGate
antivirus profile to scan encrypted files, SSL/SSH decryption must be
enabled to decrypt the traffic for inspection. Without decryption, the
antivirus profile cannot scan encrypted...
