Technical Tip: VXLAN over IPsec for multiple VLANs...

sagha · 08-20-2025

Description This article explains why link-monitor, when appearing as dead, fails to remove the route when more than one is configured with the command 'set route' under 'config system link-monitor'. Scope FortiGate v7.0, v7.2. Solution Link monitor ...

sagha · 07-15-2025

Description This article explains how port mirroring can be configured for NP7 platforms on ISF. Scope NP7 FortiGate. Solution It is possible to run a sniffer on the FortiGate to capture packets as explained here: Troubleshooting Tip: Using the Forti...

sagha · 06-26-2025

Description This article explains a scenario where an explicit proxy may fail on a Loopback if there is a captive portal config on the incoming interface. Scope FortiGate. Solution A loopback interface is configured and has explicit proxy enabled: co...

sagha · 05-14-2025

Description This article explains how to work around when changing the 'ip-fragmentation' settings for a Dial-up IPsec VPN tunnel is not taking effect immediately. Scope FortiGate Solution Consider the following setup: On the Hub location, a dynamic ...

sagha · 04-18-2025

Description This article describes how it can be avoided to SNAT all traffic to VIP extip with 'set snat-source-vip enabled' and central-snat is enabled on the FortiGate. Scope FortiOS. Solution As explained in this article, Technical Tip: How to use...

sagha · 02-01-2023

Hi Balazs, The selection of FOS is usually based on the requirements or features you are going to use. The latest version is 7.2 I would suggest going through the release notes that highlight any known issues. If there are known issues that are point...

sagha · 01-09-2023

Hi CustomX, For this, you will have to check how the traffic is getting routed and might need Firewall policies with NAT between two interfaces. This way you can perform source NAT and change the source as you like by either using the IP address of t...

sagha · 01-02-2023

Hi Ranjith, This article might help: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-per-VDOM-DNS/ta-p/190815 Thank you. Shahan

sagha · 01-02-2023

Hi mhanna, A static route is necessary to ensure that traffic is going via the correct interface. In the VPN setting, for phase2 when you add a local subnet and a remote subnet, this ensures that traffic between these two subnets can flow over the VP...

sagha · 10-25-2022

Hi ychsiao, Please raise a support case so TAC can look into this. Thank you. Shahan

User Statistics

User Activity

Technical Tip: Link-monitor when failing does not remove routes from routing-table if more than one route is configured

Troubleshooting Tip: Port mirroring on the NP7 FortiGate platforms for the ISF (Integrated Switch Fabric)

Technical Tip: Explicit Proxy configured on a Loopback Interface fails because of captive portal config on incoming interface

Technical Tip: Phase1 'set ip-fragmentation' settings for a Dial-Up IPsec VPN Tunnel not taking effect immediately

Technical Tip: Avoiding all traffic getting SNAT'ed to VIP extip when 'set nat-source-vip enable' is configured with central-snat enabled

Re: Pick the proper fortigate OS

Re: Fortigate routes IPSEC traffic through DMZ interface

Re: Add Multiple DNS IP in Fortigate Fw

Re: Static Route for IPSecVPN

Re: Fortigate 101F NP6XLITE error xaui.sdsn

Technical Tip: VXLAN over IPsec for multiple VLANs...

Technical Tip: GUI is not reachable after an upgra...

Technical Tip: Multiple default routes where SD-WA...

Troubleshooting Tip: FortiGate losing logs or even...

Troubleshooting Tip: BGP next hop showing as 0.0.0...

Re: Fortigate MGMT (dedicated) access over IPSEC

Re: how to reset hit counts for SD-WAN rules?

Re: Sniffer theory: incomming packets are seen on ...

Re: DNAT supported on Fortigate 40F?

Re: accessing site to site VPN network while conne...

KCS

User Statistics

User Activity

You are leaving our website