Troubleshooting Tip: IPsec flapping or packet loss...

mricardez · 10-06-2025

Description This article explains how to add another BGP peer out of the SD-WAN provisioning templates. Scope FortiManager v7.4 and 7.6. Solution FortiManager v7.4 and FortiManager 7.6 use the SD-WAN Overlay Template wizard to create all the SD-WAN p...

mricardez · 09-25-2025

Description This article describes a color issue with the FortiAnalyzer GUI after upgrading to v7.4.3, 7.4.5, 7.4.6. Scope FortiAnalyzer v7.4.3 until 7.4.6. Solution After upgrading the FortiAnalyzer to 7.4.3, 7.4.5 or 7.4.6: the GUI shows a 'blue sc...

mricardez · 06-03-2025

Description This article describes how to interpret the uptimes using MCLAG CLIs. Scope FortiSwitch v7.0 and earlier. Solution The multichassis LAG (MCLAG) group LACP interfaces of two FortiSwitch (node-level redundancy). About MCLAG in FortiSwitch. ...

mricardez · 11-19-2023

Description This article describes the causes of IPSec flaps or packet loss occurring after performing an upgrade to FortiGate v7.0.13, v7.2.6, v7.4.1, or later versions. Scope FortiGate v7.0.13, 7.2.6, 7.4.1, and later versions. Solution Some custom...

mricardez · 10-17-2023

Description This article describes how FortiGate can function as a DNS server which is not a full-featured DNS server, instead working as a DNS proxy. Scope FortiGate v7.0 and earlier. Solution FortiGate can be used as a DNS Server on the network. It...

mricardez · 02-15-2024

SDNWA rules just to steer traffic from one zone to another. The firewall policy to configure security options, you can enable SNAT on it. https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/798274/configuring-firewall-policies-for...

mricardez · 02-15-2024

Hi le00nek, You can use Zone in SDWAN to separate wan members , in your setup you can use Zone > Underlay to Wan1 and Wan2 member Zone > Overlay IPSec1 and IPSec2 member Then you can reference the policies to your SDWAN Zone according your NAT requir...

mricardez · 03-11-2022

Hi The following topology with fortiswitch could be help "HA-mode FortiGate units in different sites" https://docs.fortinet.com/document/fortiswitch/7.0.4/devices-managed-by-fortios/780635/switch-redundancy-with-mclag#HA-mode3 Regards

mricardez · 01-27-2022

Hi, The LACP PDUs are packets on L2, so in order to allow the forward of L2 on fortigate VWP, you can try enabling l2forward at interface level. You also needs to consider forward arp packets. config system interfaceedit set l2forward enableend confi...

mricardez · 01-04-2022

The log entries are addressing the user login and login source from the device detection/identification feature (enabled at the interface). - The logs of uthusersource="kerberos" is collected from traffic kerberos on the authentication process betwee...

User Statistics

User Activity

Technical Tip: How to add a third BGP peer on FortiManager with SD-WAN provisioning templates

Troubleshooting Tip: FortiAnalyzer upgrade to 7.4.3, 7.4.5, 7.4.6 GUI shows a blue background color on the screen

Technical Tip: FortiSwitch how to interpret the uptimes of MCLAG