Technical Tip: IPSec VPN NAT-traversal

alif · 08-21-2025

Description This article describes a Kernel panic observed on FortiGate-7x. Scope FortiGate-7xF. Solution When FortiGate-7x is powered off by running the 'execute shutdown' command, the following Kernel panic is observed. FortiGate-71F # exec shutdow...

alif · 07-29-2025

Description This article describes the unusual behavior where the decrypted packets/bytes counter is reporting incorrect values in 'diagnose vpn tunnel list name ' output. Scope FortiGate. Solution Once the IPsec VPN tunnel is established, the 'diagn...

alif · 06-20-2025

Description This article explains the behavior of fragmented packets seen in packet capture on FortiGate. Scope FortiGate. Solution Consider the traffic flow as follows: Client --> Switch --> FortiGate-HW --> Azure Express Route --> FortiGate-VM (Azu...

alif · 05-15-2025

Description This article describes the functionality of interface-policy on FortiGate. Scope FortiGate. Solution Consider an interface-policy configured on FortiGate as follows: config firewall interface-policy edit 1 set uuid b7c08d6c-1491-51f0-a0a2...

alif · 04-15-2025

Description This article describes why an eBGP peer may not change the next hop to itself due to the BGP NEXT_HOP attribute. Scope FortiGate. Solution An eBGP router always uses its own IP address as the next hop address when advertising a route. Con...

alif · 11-07-2024

hi @ganesh_karale , It sounds like an unexpected behavior. Please open a ticket with Fortinet TAC and share the configuration along with the screenshot of the error for further investigation.

alif · 06-24-2024

Hi @aguerriero, Please disable offloading on firewall policy and see if the issue persists. If possible, please upgrade to FortiOS 7.4 version as well as it could be something specific on 7.2.

alif · 10-26-2023

Hi @RolandBaumgaertner72 , well it totally depends how you would prefer to have the setup. Without SD-WAN, you can modify the distance/priority settings as explained in the below link. https://community.fortinet.com/t5/FortiGate/Technical-Note-Routin...

alif · 10-26-2023

Hi @RolandBaumgaertner72 Thank you for reaching out the Fortinet community. If you prefer one WAN link over another, you can configure SD-WAN rules to prioritize traffic. SD-WAN rules are checked from top to bottom (first match). https://docs.fortine...

alif · 09-28-2023

hi @chendewu_520 There are only two methods supported for activating via FortiToken; Email and SMS.

User Statistics

User Activity

Technical Tip: Kernel Panic on FortiGate-7xF running v7.4.8

Technical Tip: 'diagnose vpn tunnel list name <tunnel_name>' is not reporting decrypt packets/bytes correctly

Technical Tip: Interpreting 'Fragmented IP protocol' in FortiGate packet capture

Technical Tip: Functionality of Interface-Policy on FortiGate

Troubleshooting Tip: BGP next hop not changing for an eBGP peer

Re: WebSocket is closed before the connection is established

Re: 200F, 7.2.8, EMAC VLANS, and Ansible HTTPAPI with intermittent failures

Re: SD WAN Configuration

Re: SD WAN Configuration

Re: The 2FA code activation email was blocked

Technical Tip: IPSec VPN NAT-traversal

Technical Tip: Network Processors (NP) / Hardware ...

Technical Tip: Instability of IPsec VPN Tunnels te...

Technical Tip: How to identify inactive routes in ...

Technical Tip: HA session failover (session pickup...

Re: MAC device and source zone

Re: Fortigate with older firmware stood new Fortic...

Re: "session clashed" issue in SDWAN configuration

Re: forticlient VPN on MacOS 10.14.6 white blank s...

Re: Setup Fortigate to communicate to Fortiweb

KCS

User Statistics

User Activity

You are leaving our website