Technical Tip: IPSec VPN NAT-traversal

alif · 12-17-2025

Description This article describes a known issue with IKEv2 dialup IPsec VPN that does not select the correct peer when using aes256gcm-prfsha proposal under phase1 settings on FortiGate. Scope FortiGate. Solution Consider an example where there are ...

alif · 11-22-2025

Description This article describes that FortiGate sends multiple phase2 selectors when traffic is initiated from FortiGate, although a single phase2 selector is configured. Scope FortiGate. Solution Consider phase2 selector configured on FortiGate as...

alif · 10-22-2025

Description This article describes how to resolve an issue when FortiExtender configuration is lost following a firmware upgrade on FortiGate-50G-DSL. Scope FortiExtender, FortiGate. Solution When upgrading FortiGate-50G-DSL from FortiOS v7.0.17 to F...

alif · 09-23-2025

Description This article describes the FortiGate compliance with BSI TR-02102-3 (2025-01). Scope FortiGate. Solution The following IKEv2 proposals running on FortiGate are considered compliant with the latest cryptographic recommendations outlined in...

alif · 08-21-2025

Description This article describes a Kernel panic observed on FortiGate-7x. Scope FortiGate-7xF. Solution When FortiGate-7x is powered off by running the 'execute shutdown' command, the following Kernel panic is observed. FortiGate-71F # exec shutdow...

alif · 11-07-2024

hi @ganesh_karale , It sounds like an unexpected behavior. Please open a ticket with Fortinet TAC and share the configuration along with the screenshot of the error for further investigation.

alif · 06-24-2024

Hi @aguerriero, Please disable offloading on firewall policy and see if the issue persists. If possible, please upgrade to FortiOS 7.4 version as well as it could be something specific on 7.2.

alif · 10-26-2023

Hi @RolandBaumgaertner72 , well it totally depends how you would prefer to have the setup. Without SD-WAN, you can modify the distance/priority settings as explained in the below link. https://community.fortinet.com/t5/FortiGate/Technical-Note-Routin...

alif · 10-26-2023

Hi @RolandBaumgaertner72 Thank you for reaching out the Fortinet community. If you prefer one WAN link over another, you can configure SD-WAN rules to prioritize traffic. SD-WAN rules are checked from top to bottom (first match). https://docs.fortine...

alif · 09-28-2023

hi @chendewu_520 There are only two methods supported for activating via FortiToken; Email and SMS.

User Statistics

User Activity

Technical Tip: IKEv2 dial-up IPsec VPN does not select the correct peer with aes256gcm-prfsha proposal

Technical Tip: FortiGate IKEv2 sending multiple phase2 selectors although single phase2 selector is configured

Troubleshooting Tip: FortiExtender configuration gets removed while upgrading from FortiOS v7.0.17 to v7.4.8 on FortiGate-50G-DSL

Technical Tip: FortiGate compliance with BSI TR-02102-3 (2025-01)

Technical Tip: Kernel Panic on FortiGate-7xF running v7.4.8

Re: WebSocket is closed before the connection is established

Re: 200F, 7.2.8, EMAC VLANS, and Ansible HTTPAPI with intermittent failures

Re: SD WAN Configuration

Re: SD WAN Configuration

Re: The 2FA code activation email was blocked

Technical Tip: IPSec VPN NAT-traversal

Technical Tip: Network Processors (NP) / Hardware ...

Technical Tip: HA session failover (session pickup...

Technical Tip: Configuring the Firewall Policy Rou...

Technical Tip: Instability of IPsec VPN Tunnels te...

Re: MAC device and source zone

Re: Fortigate with older firmware stood new Fortic...

Re: "session clashed" issue in SDWAN configuration

Re: forticlient VPN on MacOS 10.14.6 white blank s...

Re: Setup Fortigate to communicate to Fortiweb

KCS

User Statistics

User Activity

You are leaving our website