DescriptionSince FortiOS 5.0.3, when configured to not do HTTPS deep
scan (no man in the middle) SSL inspection has been improvedNow, FortiOS
checks also the server name in the client Hello from the SSL
negotiation. This is called SNI/CN method (Serv...
DescriptionIt is possible to configure the FortiGate to send an SNMP
trap when its configuration is not synchronized with the FortiManager
database.ScopeSolutionThe specific event type is called
"fm-conf-change"CLI configuration (only) : config syste...
DescriptionIn some specific configuration, HTTP and HTTPS ports are not
the standard ones (80 and 443).Following is an example with a Fortigate
in Transparent before a web proxy :< LAN >-----[ FGT-inTP ]------[
Web-Proxy - HTTP 8080 / HTTPs 8181 ]---...
DescriptionWhen troubleshooting connectivity issues through a Fortigate,
the "diagnose debug flow" command output may show that all sessions from
a host are blocked by the Fortigate because the host MAC address is
being blacklisted.Example : 2010-03-...
DescriptionWhen configuring LDAP authentication on FortiGate, the
"ldap-memberof" attribute can be used to check the user group membership
to grant access accordingly.For example:config user group edit "first"
set group-type sslvpn set ldap-memberof