Fortinet Community

sagha · 04-18-2022

Description This article describes one of the reasons why VLAN packets are getting dropped on FortiGate. Scope FortiOS, FortiGate Solution In this scenario, the packets show up on the sniffer but are not giving any details for the reason of drop when...

sagha · 02-08-2022

Description This article describe that Certificate validation may fail after upgrading ForitGate from 6.0 version to 6.2.version. Scope FortiGate v6.0 and v6.2 Details Hub config: # config vpn ipsec phase1-interface # edit "Test_HUB" # set type dynam...

sagha · 01-20-2022

Description This article describesthat Radius MFA may not work for the user that is part of another LDAP group on FortiGate. The authentication will work, however, not via Radius but with LDAP Scope Details SSL-VPN config: # config vpn ssl setting se...

sagha · 01-12-2022

Description This article describes why FortiGate Radius authentication may fail with Microsoft NPS as Radius server. Scope Fortigate Solution The setup is as follow: 1. FortiGate is configured as Radius Client. 2. Microsoft NPS is configured as a Rad...

sagha · 11-02-2021

Description This article describes how to configure VXLAN over IPsec for multiple VLANs. Solution Virtual Extensible LAN (VXLAN) is a network virtualization technology used in large cloud computing deployments. It encapsulates OSI layer 2 Ethernet fr...

sagha · 06-14-2022

Hi, There seems to be an issue with communication between the two devices as we can see alot P1_Retransmits. You need to check if you have two way traffic between the FGT and remote host. Share the output of this command: diagnose sniffer packet any ...

sagha · 06-07-2022

Hi, We do not see any traffic for FGT IP 10.1.0.1 which means traffic is not reaching the FGT. Please do the following sniffer: diagnose sniffer packet any 'host 10.1.0.1 and host 100.65.0.226 and port 161' 4 0 a Thanks, Shahan Agha

sagha · 06-07-2022

Hi Tom, You have the option of configuring source-ip on FGT for locally originated traffic. You can configure this for LDAP as well. config user ldap edit set source-ip x.x.x.x end Details here: https://community.fortinet.com/t5/FortiGate/Technical-...

sagha · 06-07-2022

Hello, Please check if the traffic is reaching FGT: diagnose sniffer packet any 'port 161' 4 Also, please run the debugs: diag debug application snmp -1 diag debug enable Please share them here, we can verify it then. Thank you. Shahan

sagha · 06-07-2022

Hi Tom, Thank you for reaching out to us. Please clarify the sort of traffic you are generating on FGT that is failing. You can share the following debugs to see what FGT is doing with traffic: diag de flow filter addr diag de flow trace start 1000 ...

Fortinet Community

User Statistics

User Activity

Technical Tip: Fortigate dropping VLAN traffic, debug flows not showing any output

Technical Tip: Certificate validation failing for IPsec VPN after upgrading from 6.0 to 6.2

Technical Tip: FortiGate RADIUS MFA not working for SSL-VPN with user also part of LDAP group

Technical Tip:FortiGate Radius authentication not working with Microsoft NPS when using accented characters in Passwords

Technical Tip: VXLAN over IPsec for multiple VLANs using software switch

Re: IPsec site to site Sophos Fortinet not established

Re: SNMPv3 issue

Re: Fortigate routes IPSEC traffic through DMZ interface

Re: SNMPv3 issue

Re: Fortigate routes IPSEC traffic through DMZ interface

Re: Fortigate routes IPSEC traffic through DMZ int...

Re: Fortigate HA out-of-sync

News & Articles

Security Research

Company

Contact Us