Technical Tip: IPSec VPN NAT-traversal

alif · 10-22-2025

Description This article describes how to resolve an issue when FortiExtender configuration is lost following a firmware upgrade on FortiGate-50G-DSL. Scope FortiExtender, FortiGate. Solution When upgrading FortiGate-50G-DSL from FortiOS v7.0.17 to F...

alif · 09-23-2025

Description This article describes the FortiGate compliance with BSI TR-02102-3 (2025-01). Scope FortiGate. Solution The following IKEv2 proposals running on FortiGate are considered compliant with the latest cryptographic recommendations outlined in...

alif · 08-21-2025

Description This article describes a Kernel panic observed on FortiGate-7x. Scope FortiGate-7xF. Solution When FortiGate-7x is powered off by running the 'execute shutdown' command, the following Kernel panic is observed. FortiGate-71F # exec shutdow...

alif · 07-29-2025

Description This article describes the unusual behavior where the decrypted packets/bytes counter is reporting incorrect values in 'diagnose vpn tunnel list name ' output. Scope FortiGate. Solution Once the IPsec VPN tunnel is established, the 'diagn...

alif · 06-20-2025

Description This article explains the behavior of fragmented packets seen in packet capture on FortiGate. Scope FortiGate. Solution Consider the traffic flow as follows: Client --> Switch --> FortiGate-HW --> Azure Express Route --> FortiGate-VM (Azu...

alif · 11-07-2024

hi @ganesh_karale , It sounds like an unexpected behavior. Please open a ticket with Fortinet TAC and share the configuration along with the screenshot of the error for further investigation.

alif · 06-24-2024

Hi @aguerriero, Please disable offloading on firewall policy and see if the issue persists. If possible, please upgrade to FortiOS 7.4 version as well as it could be something specific on 7.2.

alif · 10-26-2023

Hi @RolandBaumgaertner72 , well it totally depends how you would prefer to have the setup. Without SD-WAN, you can modify the distance/priority settings as explained in the below link. https://community.fortinet.com/t5/FortiGate/Technical-Note-Routin...

alif · 10-26-2023

Hi @RolandBaumgaertner72 Thank you for reaching out the Fortinet community. If you prefer one WAN link over another, you can configure SD-WAN rules to prioritize traffic. SD-WAN rules are checked from top to bottom (first match). https://docs.fortine...

alif · 09-28-2023

hi @chendewu_520 There are only two methods supported for activating via FortiToken; Email and SMS.

User Statistics

User Activity

Troubleshooting Tip: FortiExtender configuration gets removed while upgrading from FortiOS v7.0.17 to v7.4.8 on FortiGate-50G-DSL

Technical Tip: FortiGate compliance with BSI TR-02102-3 (2025-01)

Technical Tip: Kernel Panic on FortiGate-7xF running v7.4.8

Technical Tip: 'diagnose vpn tunnel list name <tunnel_name>' is not reporting decrypt packets/bytes correctly

Technical Tip: Interpreting 'Fragmented IP protocol' in FortiGate packet capture

Re: WebSocket is closed before the connection is established

Re: 200F, 7.2.8, EMAC VLANS, and Ansible HTTPAPI with intermittent failures

Re: SD WAN Configuration

Re: SD WAN Configuration

Re: The 2FA code activation email was blocked

Technical Tip: IPSec VPN NAT-traversal

Technical Tip: Network Processors (NP) / Hardware ...

Technical Tip: Configuring the Firewall Policy Rou...

Technical Tip: Instability of IPsec VPN Tunnels te...

Technical Tip: How to identify inactive routes in ...

Re: MAC device and source zone

Re: Fortigate with older firmware stood new Fortic...

Re: "session clashed" issue in SDWAN configuration

Re: forticlient VPN on MacOS 10.14.6 white blank s...

Re: Setup Fortigate to communicate to Fortiweb

KCS

User Statistics

User Activity

You are leaving our website