Troubleshooting Tip: IPsec flapping or packet loss...

mricardez · 11-19-2023

Description This article describes the causes of IPSec flaps or packet loss occurring after performing an upgrade to FortiGate v7.0.13, v7.2.6, v7.4.1, or later versions. Scope FortiGate v7.0.13, 7.2.6, 7.4.1, and later versions. Solution Some custom...

mricardez · 10-17-2023

Description This article describes how FortiGate can function as a DNS server which is not a full-featured DNS server, instead working as a DNS proxy. Scope FortiGate v7.0 and earlier. Solution FortiGate can be used as a DNS Server on the network. It...

mricardez · 07-30-2023

Description This article describes how to deny traffic from LAN devices from using the WAN interface in an SD WAN solution. Scope FOS v7.2.3 and earlier. Solution Usually, the focus of SD WAN solutions is to steer traffic between WAN interfaces using...

mricardez · 07-20-2023

Description This article describes how to reset the FSAE service on Windows devices. Scope FortiGate FSSO. Solution In some situations, it will be necessary to reset or stop the FSAE or CA service of FSSO on Windows devices. If the FSAE is running in...

mricardez · 07-12-2023

Description This article describes how to enable IPv6 support with IPv6. Scope FSAE v5.0.0282 and earlier. Solution FSSO supports IPv6 on the communication between the collector agent and FortiGate, TSAgent, and DCAgent, but also the IPV6 is included...

mricardez · 02-15-2024

SDNWA rules just to steer traffic from one zone to another. The firewall policy to configure security options, you can enable SNAT on it. https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/798274/configuring-firewall-policies-for...

mricardez · 02-15-2024

Hi le00nek, You can use Zone in SDWAN to separate wan members , in your setup you can use Zone > Underlay to Wan1 and Wan2 member Zone > Overlay IPSec1 and IPSec2 member Then you can reference the policies to your SDWAN Zone according your NAT requir...

mricardez · 03-11-2022

Hi The following topology with fortiswitch could be help "HA-mode FortiGate units in different sites" https://docs.fortinet.com/document/fortiswitch/7.0.4/devices-managed-by-fortios/780635/switch-redundancy-with-mclag#HA-mode3 Regards

mricardez · 01-27-2022

Hi, The LACP PDUs are packets on L2, so in order to allow the forward of L2 on fortigate VWP, you can try enabling l2forward at interface level. You also needs to consider forward arp packets. config system interfaceedit set l2forward enableend confi...

mricardez · 01-04-2022

The log entries are addressing the user login and login source from the device detection/identification feature (enabled at the interface). - The logs of uthusersource="kerberos" is collected from traffic kerberos on the authentication process betwee...

User Statistics

User Activity

Troubleshooting Tip: IPsec flapping or packet loss after upgrade FortiGate to v7.0.13, v7.2.6, v7.4.1 or later versions

Technical Tip: FortiGate DNS Server works as DNS proxy

Technical Tip: Deny traffic to a WAN interface on an SD WAN solution

Troubleshooting Tip: Reset the FSAE service on Windows devices

Technical Tip: FSSO IPv6 Support

Re: SDWAN with one WAN and IPSEC

Re: SDWAN with one WAN and IPSEC

Re: active-passive deployment in different site

Re: Virtual Wire and LACP

Re: Meaning of unauthuser and unauthusersource

Troubleshooting Tip: IPsec flapping or packet loss...

Re: SDWAN with one WAN and IPSEC

Technical Tip: FortiGate DNS Server works as DNS p...

Re: Meaning of unauthuser and unauthusersource

Troubleshooting Tip: Reset the FSAE service on Win...

Fortinet Training Institute

KCS