Technical Tip: How to block SSL VPN Connection fro...

darisandy · 12-08-2024

Description This article describes the behavior when changing the configuration on the Secondary unit of the HA Cluster. Scope FortiGate. Solution Two FortiGates can provide redundancy by configuring the units within the same HA Cluster. One will bec...

darisandy · 11-12-2024

Description This article describes how to do a packet capture when NP offload is enabled. Scope FortiGate. Solution During packet capture, there will be a scenario wherein not all expected packet was captured. This is because NP offload (hardware acc...

darisandy · 11-03-2024

Description This article describes what happens when ComLog files reach max file size. Scope FortiGate. Solution ComLog is a feature on certain FortiGate hardware modules that can record console output. Once it is enabled, it can record console outpu...

darisandy · 10-22-2024

Description This article describes how to troubleshoot one-way traffic over the IPSec tunnel between 2 FortiGates. Scope FortiGate. Solution Topology: The machine on subnet 10.122.0.0/20 can reach (ping) devices on subnet 10.171.0.0/20, but not the o...

darisandy · 10-18-2024

Description This article describes the steps on how to find missing subnets in the OSPF routing table. Scope FortiGate. Solution Topology: Traffic is sent from subnet 172.16.10.0/24 to 10.122.0.0/20. The debug flow shows RPF Check Failed: FGT-B # id=...

darisandy · 12-07-2023

The numbers on datasheet was done on lab environment and those are only a benchmark of what the hardware could possibly handle. But I believe only Fortigate product team know exactly how the test was done. For any capacity planning enquiries, I would...

darisandy · 12-07-2023

you can create VLAN interface (tagged interface) under that one physical interface https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-1q-on-a/ta-p/193893 after that you can specify the default route,wh...

darisandy · 12-07-2023

few articles you can read up about it : https://community.fortinet.com/t5/Support-Forum/why-do-we-assign-secondary-IP-address/m-p/219857 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interface/ta-p/226046

darisandy · 12-03-2023

Based on the available command you shared, I don't think it's possible. Once the ports are member of LACP interface, most likely that older version can't refer to the physical port anymore.

darisandy · 12-03-2023

It's a bit tricky to set management access on FGT Transparent Mode. You may want to check docs send by Minh for more detailed deployment. Usually when you have multiple VLAN going through FGT, you need to define forward domain. So the traffic will no...

User Statistics

User Activity

Technical Tip : Configuration Change on Secondary unit FortiGate HA Cluster

Troubleshooting Tip: Packet Capture IPSec traffic with NP Offload

Technical Tip: ComLog Files Overwrite old logs

Troubleshooting Tip: One-way traffic via the IPsec tunnel

Troubleshooting Tip: How to find missing subnet on OSPF Routing Table

Re: FG-60F Performance Questions

Re: Two ISPs different VLAN

Re: Fortigate Interface settings

Re: problem with HA monitored interface configuration for LACP interface

Re: About management IP settings in transparent mode

Technical Tip: How to block SSL VPN Connection fro...

Re: Remote RADIUS Server on a VPN

Technical Tip : Behaviour Change of SD-WAN Member ...

Technical Tip : BGP Routing process when 'Soft Rec...

Technical Tip : Configuration Change on Secondary ...

Re: Source Nat with destination port

Re: Integration of Fortigate with Zabbix

KCS