Description This article describes how to troubleshoot one-way traffic
over the IPSec tunnel between 2 FortiGates. Scope FortiGate. Solution
Topology: The machine on subnet 10.122.0.0/20 can reach (ping) devices
on subnet 10.171.0.0/20, but not the o...
Description This article describes the steps on how to find missing
subnets in the OSPF routing table. Scope FortiGate. Solution Topology:
Traffic is sent from subnet 172.16.10.0/24 to 10.122.0.0/20. The debug
flow shows RPF Check Failed: FGT-B # id=...
Description This article discusses the 'fabric-admin' Username on
FortiGate with Security Fabric enabled. Scope FortiGate, Solution When
Security Fabric is enabled, along with SSO features, FortiGate will have
a 'fabric-admin' username created automa...
Description This article describes the behavior of routing failover over
the IPSec tunnel between FortiGate and Juniper. Scope FortiGate.
Solution The scenario is there are 2 IPSec tunnels between FortiGate and
Juniper. The static route is created be...
Description This article describes how to configure default firewall
policy action for Explicit Proxy policies Scope FortiGate. Solution
Explicit Proxy Policy has an Implicit rule at the end of the list.
Different from normal Firewall Policy, it can ...
The numbers on datasheet was done on lab environment and those are only
a benchmark of what the hardware could possibly handle. But I believe
only Fortigate product team know exactly how the test was done. For any
capacity planning enquiries, I would...
you can create VLAN interface (tagged interface) under that one physical
interface
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-1q-on-a/ta-p/193893
after that you can specify the default route,wh...
few articles you can read up about it :
https://community.fortinet.com/t5/Support-Forum/why-do-we-assign-secondary-IP-address/m-p/219857
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interface/ta-p/226046
Based on the available command you shared, I don't think it's possible.
Once the ports are member of LACP interface, most likely that older
version can't refer to the physical port anymore.
It's a bit tricky to set management access on FGT Transparent Mode. You
may want to check docs send by Minh for more detailed deployment.
Usually when you have multiple VLAN going through FGT, you need to
define forward domain. So the traffic will no...