Fortinet Community

akristof · 08-08-2019

PurposeThis article explains how to connect OSPF areas using a virtual-link.Indeed, in OSPF rules, all areas need to be connected directly to Area 0 (backbone). But in some cases, it is not possible to physically connect area to backbone. For this pu...

akristof · 07-26-2019

DescriptionThis article explains how to have IPsec tunnel to be part of the SD-WAN, with the tunnel in type ddns (as remote site does not have static IP address and using ddns feature).SolutionThis KB is focused on problem with SD-WAN static route, w...

akristof · 04-04-2019

DescriptionThis article describes how VRRP is able to monitor and check if a subnet is unreachable, decrease priority of the current route master so new route master can be elected. ScopeFortiGate does not use active ping monitor to determine if subn...

akristof · 01-21-2022

Hi, Usually, if this log appears, it means that FortiGate is trying to "deliver packet to itself". So verify, if IP address 10.1.2.239 does belong to some interface of FortiGate - if yes, if it is not duplicate IP address, you will need to enable adm...

akristof · 01-18-2022

Hello, In general, you need to check these things: - Enabled management on interface - allow ping, HTTPS, SSH - Allow traffic from Ipsec tunnel to this interface - including these service - Verify that no local-in policy is configured that could bloc...

akristof · 01-13-2022

Hello, Thank you for question. I think this depends on your own network design or future design. You need to consider how many ports you will use right away (how many access switches you will connect), will you use LACP and how many ports you want to...

akristof · 01-12-2022

Hello, I am still not sure which scenario you have. If first when you want to block traffic on same subnet, then FortiGate is not able to block traffic that it doesn't see. So only if you would force all traffic traversing via FortiGate, then you can...

akristof · 01-11-2022

Hello, Thank you for your question. If you want to block only traffic between servers that are in same network as dmz interface port5, you will not be. Because in that case traffic between servers is staying in local lan, not reaching FortiGate. If y...

Fortinet Community

User Statistics

User Activity

Technical Tip: OSPF with virtual-link

Technical Tip: SD-WAN with DDNS type IPsec

Technical Tip: VRRP - Active failover with VRDST with blackhole routing

Re: Inter subnet communication

Re: Cannot access fortigate over IPSEC

Re: How many ports are enough for Distribution Layer Switch?

Re: Block intra network traffic

Re: Block intra network traffic

Re: How many ports are enough for Distribution Lay...

Re: sd-wan and non sd-wan interfaces together

Re: Fortigate 400E HA sync issue

Re: sd-wan and non sd-wan interfaces together

News & Articles

Security Research

Company

Contact Us