Description This article describes one of the reasons why VLAN packets
are getting dropped on FortiGate. Scope FortiOS, FortiGate Solution In
this scenario, the packets show up on the sniffer but are not giving any
details for the reason of drop when...
Description This article describe that Certificate validation may fail
after upgrading ForitGate from 6.0 version to 6.2.version. Scope
FortiGate v6.0 and v6.2 Details Hub config: # config vpn ipsec
phase1-interface # edit "Test_HUB" # set type dynam...
Description This article describesthat Radius MFA may not work for the
user that is part of another LDAP group on FortiGate. The authentication
will work, however, not via Radius but with LDAP Scope Details SSL-VPN
config: # config vpn ssl setting se...
Description This article describes why FortiGate Radius authentication
may fail with Microsoft NPS as Radius server. Scope Fortigate Solution
The setup is as follow: 1. FortiGate is configured as Radius Client. 2.
Microsoft NPS is configured as a Rad...
Description This article describes how to configure VXLAN over IPsec for
multiple VLANs. Solution Virtual Extensible LAN (VXLAN) is a network
virtualization technology used in large cloud computing deployments. It
encapsulates OSI layer 2 Ethernet fr...
Hi, There seems to be an issue with communication between the two
devices as we can see alot P1_Retransmits. You need to check if you have
two way traffic between the FGT and remote host. Share the output of
this command: diagnose sniffer packet any ...
Hi, We do not see any traffic for FGT IP 10.1.0.1 which means traffic is
not reaching the FGT. Please do the following sniffer: diagnose sniffer
packet any 'host 10.1.0.1 and host 100.65.0.226 and port 161' 4 0 a
Thanks, Shahan Agha
Hi Tom, You have the option of configuring source-ip on FGT for locally
originated traffic. You can configure this for LDAP as well. config user
ldap edit set source-ip x.x.x.x end Details here:
Hello, Please check if the traffic is reaching FGT: diagnose sniffer
packet any 'port 161' 4 Also, please run the debugs: diag debug
application snmp -1 diag debug enable Please share them here, we can
verify it then. Thank you. Shahan
Hi Tom, Thank you for reaching out to us. Please clarify the sort of
traffic you are generating on FGT that is failing. You can share the
following debugs to see what FGT is doing with traffic: diag de flow
filter addr diag de flow trace start 1000 ...