Fortinet Community

DescriptionSince FortiOS 5.0.3, when configured to not do HTTPS deep scan (no man in the middle) SSL inspection has been improvedNow, FortiOS checks also the server name in the client Hello from the SSL negotiation. This is called SNI/CN method (Serv...

DescriptionIt is possible to configure the FortiGate to send an SNMP trap when its configuration is not synchronized with the FortiManager database.ScopeSolutionThe specific event type is called "fm-conf-change"CLI configuration (only) : config syste...

DescriptionIn some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).Following is an example with a Fortigate in Transparent before a web proxy :< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]---...

DescriptionWhen troubleshooting connectivity issues through a Fortigate, the "diagnose debug flow" command output may show that all sessions from a host are blocked by the Fortigate because the host MAC address is being blacklisted.Example : 2010-03-...

DescriptionWhen configuring LDAP authentication on FortiGate, the 'ldap-memberof' attribute can be used to check the user group membership to grant access accordingly.For example: config user group edit "first" set group-type sslvpn set ldap-memberof...