Description This article describes why FSSO user do not match firewall
policy even though the connector is UP. Here you can see 50+
Users/groups have been populated and used in the firewall policy. FSSO
CA Connector Status Below is the firewall polic...
Description This article discusses the scenario when users do not match
the firewall policy that has active authentication. Scope Active
authentication means that users are prompted to manually enter their
credentials before being granted access. Whe...
Description This article describes the need to enable deep-inspection to
see the bytes received in the web filter traffic logs. Scope FortiProxy
web filter log. Solution To see the bytes received for the web filter
traffic logs, it will be necessary ...
Description This article describes why FortiGate is forwarding DNS
queries for blocking or banning domains to the DNS servers. Scope
FortiGate DNS. Solution There are instances that the FortiGate is
sending DNS queries to the configured DNS servers f...
Description This article describes how to allow SSL VPN users to use
FortiGate as a DNS server. Scope FortiGate and SSL VPN Solution There
are instances where FortiGate is used for internal DNS servers. To allow
SSL VPN users to use FortiGate as a DN...
Hi @MeoDub , If you looking for UDP/4500 for IPSec it would be IKE
service. The IKE service includes UDP/500 UDP/4500. How exactly the
connection would be? Is the traffic initiated from internal to external?
regards,
Hi @networm , I believe mac address base policy is what you are looking
for. Try checking the following link guide.
http://docs.fortinet.com/document/fortigate/7.2.7/administration-guide/407159
best regards,
Hi Ahmad, So you are hosting a webserver behind the Fortigate? You need
to make sure if the domain/url is resolvable to an IP. On the Fortigate
create VIP to map it out. Check the following KB for the VIP config
portion.
https://community.fortinet.co...
Hi @rayha , Could you take a look at this KB article of step 3 and step
4? Here we can make sure packet is hitting the Fortigate and if
Fortigate is forwarding it out.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-tro...
Hello, FOS version 6.4 and newer version you can have the inspection
mode per policy.
http://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/366651
The following helps explaining the different explained inspection mode.
http://docs.fo...