Fortinet Community

mricardez · 03-02-2023

Description This article describes how to troubleshoot the IPS signature matching which can give visibility of triggered IPS alerts. Scope IPS Engineer v7.0 and earlier. Solution When the UTM IPS profile is enabled in the firewall policies, it is pos...

mricardez · 03-01-2023

Description This article describes how to create a custom IPS signature to block through the SNI (Server Name Indication) of TLS extension a HTTPS connection or those TLS connection where the SNI header is used during the TLS handshake. Scope FortiGa...

mricardez · 07-25-2022

Description This article describes how to troubleshoot in FortiOS the DNS Transfer zone from DNS Master authoritative. Scope FortiOS 7.0 and earlier. Solution The FortiOS can be the slave for a DNS zone and transfer all the records from the Master. T...

mricardez · 06-16-2022

Description This article discusses the reason SSL VPN Bookmark failed when IP Pool is used in the policy. Scope FortiOS 6.4.9, 7.0.1, 7.2.0 and earlier. Solution Working with SSL VPN Web Mode, create a personal Bookmark to connect internal resources....

mricardez · 03-22-2022

Description This article describe how to troubleshoot in FortiOS DHCPv6 Prefix Delegation. Scope FortiOS 6.0, 6.2 and earlier. Solution Some ISP can provide an IPv6 address through dynamic addressing mechanism and additional delegate an IPv6 prefix t...

mricardez · 03-11-2022

Hi The following topology with fortiswitch could be help "HA-mode FortiGate units in different sites" https://docs.fortinet.com/document/fortiswitch/7.0.4/devices-managed-by-fortios/780635/switch-redundancy-with-mclag#HA-mode3 Regards

mricardez · 01-27-2022

Hi, The LACP PDUs are packets on L2, so in order to allow the forward of L2 on fortigate VWP, you can try enabling l2forward at interface level. You also needs to consider forward arp packets. config system interfaceedit set l2forward enableend confi...

mricardez · 01-04-2022

The log entries are addressing the user login and login source from the device detection/identification feature (enabled at the interface). - The logs of uthusersource="kerberos" is collected from traffic kerberos on the authentication process betwee...

Fortinet Community

User Statistics

User Activity

Troubleshooting Tip: Indentify the IPS signature matching context

Technical Tip: Custom IPS signature to block TLS SNI of Client Hello

Troubleshooting Tip: Troubleshoot DNS Transfer zone from DNS Master

Technical Tip: VPN SSL Bookmark using ippool to applied SNAT.

Troubleshooting Tip: DHCPv6 Prefix Delegation

Re: active-passive deployment in different site

Re: Virtual Wire and LACP

Re: Meaning of unauthuser and unauthusersource

Re: Meaning of unauthuser and unauthusersource

Fortinet Training Institute