Technical Tip: How to block SSL VPN Connection fro...

darisandy · 10-22-2024

Description This article describes how to troubleshoot one-way traffic over the IPSec tunnel between 2 FortiGates. Scope FortiGate. Solution Topology: The machine on subnet 10.122.0.0/20 can reach (ping) devices on subnet 10.171.0.0/20, but not the o...

darisandy · 10-18-2024

Description This article describes the steps on how to find missing subnets in the OSPF routing table. Scope FortiGate. Solution Topology: Traffic is sent from subnet 172.16.10.0/24 to 10.122.0.0/20. The debug flow shows RPF Check Failed: FGT-B # id=...

darisandy · 09-25-2024

Description This article discusses the 'fabric-admin' Username on FortiGate with Security Fabric enabled. Scope FortiGate, Solution When Security Fabric is enabled, along with SSO features, FortiGate will have a 'fabric-admin' username created automa...

darisandy · 09-18-2024

Description This article describes the behavior of routing failover over the IPSec tunnel between FortiGate and Juniper. Scope FortiGate. Solution The scenario is there are 2 IPSec tunnels between FortiGate and Juniper. The static route is created be...

darisandy · 08-15-2024

Description This article describes how to configure default firewall policy action for Explicit Proxy policies Scope FortiGate. Solution Explicit Proxy Policy has an Implicit rule at the end of the list. Different from normal Firewall Policy, it can ...

darisandy · 12-07-2023

The numbers on datasheet was done on lab environment and those are only a benchmark of what the hardware could possibly handle. But I believe only Fortigate product team know exactly how the test was done. For any capacity planning enquiries, I would...

darisandy · 12-07-2023

you can create VLAN interface (tagged interface) under that one physical interface https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-1q-on-a/ta-p/193893 after that you can specify the default route,wh...

darisandy · 12-07-2023

few articles you can read up about it : https://community.fortinet.com/t5/Support-Forum/why-do-we-assign-secondary-IP-address/m-p/219857 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interface/ta-p/226046

darisandy · 12-03-2023

Based on the available command you shared, I don't think it's possible. Once the ports are member of LACP interface, most likely that older version can't refer to the physical port anymore.

darisandy · 12-03-2023

It's a bit tricky to set management access on FGT Transparent Mode. You may want to check docs send by Minh for more detailed deployment. Usually when you have multiple VLAN going through FGT, you need to define forward domain. So the traffic will no...

User Statistics

User Activity

Troubleshooting Tip: One-way traffic via the IPsec tunnel

Troubleshooting Tip: How to find missing subnet on OSPF Routing Table

Technical Tip : The 'fabric-admin' Username on FortiGate with Security Fabric enabled

Technical Tip: Redundant Routing over IPSec tunnels between FortiGate and Juniper

Technical Tip : How to change Default Firewall Policy Action for Explicit Proxy feature

Re: FG-60F Performance Questions

Re: Two ISPs different VLAN

Re: Fortigate Interface settings

Re: problem with HA monitored interface configuration for LACP interface

Re: About management IP settings in transparent mode

Technical Tip: How to block SSL VPN Connection fro...

Re: Remote RADIUS Server on a VPN

Technical Tip : Behaviour Change of SD-WAN Member ...

Technical Tip : BGP Routing process when 'Soft Rec...

Troubleshooting Tip: How to find missing subnet o...

Re: Source Nat with destination port

Re: Integration of Fortigate with Zabbix

KCS