Technical Tip: VXLAN over IPsec for multiple VLANs...

sagha · 06-26-2025

Description This article explains a scenario where an explicit proxy may fail on a Loopback if there is a captive portal config on the incoming interface. Scope FortiGate. Solution A loopback interface is configured and has explicit proxy enabled: co...

sagha · 05-14-2025

Description This article explains how to work around when changing the 'ip-fragmentation' settings for a Dial-up IPsec VPN tunnel is not taking effect immediately. Scope FortiGate Solution Consider the following setup: On the Hub location, a dynamic ...

sagha · 04-18-2025

Description This article describes how it can be avoided to SNAT all traffic to VIP extip with 'set snat-source-vip enabled' and central-snat is enabled on the FortiGate. Scope FortiOS. Solution As explained in this article, Technical Tip: How to use...

sagha · 03-14-2025

Description This article describes a scenario where FortiGate fails to redistribute BGP routes into OSPF Scope FortiGate. Solution There are two Hub locations, i.e., Hub1 and Hub2. On Hub locations, the BGP route is learned from Spoke, which then get...

sagha · 02-27-2025

Description This article describes the reason behind the DHCP failing when having DHCP relay on FortiGate with dynamic VLAN change for the DHCP client Scope FortiGate. Solution With a DHCP request received on the VLAN 15, it will be relayed to the DH...

sagha · 02-01-2023

Hi Balazs, The selection of FOS is usually based on the requirements or features you are going to use. The latest version is 7.2 I would suggest going through the release notes that highlight any known issues. If there are known issues that are point...

sagha · 01-09-2023

Hi CustomX, For this, you will have to check how the traffic is getting routed and might need Firewall policies with NAT between two interfaces. This way you can perform source NAT and change the source as you like by either using the IP address of t...

sagha · 01-02-2023

Hi Ranjith, This article might help: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-per-VDOM-DNS/ta-p/190815 Thank you. Shahan

sagha · 01-02-2023

Hi mhanna, A static route is necessary to ensure that traffic is going via the correct interface. In the VPN setting, for phase2 when you add a local subnet and a remote subnet, this ensures that traffic between these two subnets can flow over the VP...

sagha · 10-25-2022

Hi ychsiao, Please raise a support case so TAC can look into this. Thank you. Shahan

User Statistics

User Activity

Technical Tip: Explicit Proxy configured on a Loopback Interface fails because of captive portal config on incoming interface

Technical Tip: Phase1 'set ip-fragmentation' settings for a Dial-Up IPsec VPN Tunnel not taking effect immediately

Technical Tip: Avoiding all traffic getting SNAT'ed to VIP extip when 'set nat-source-vip enable' is configured with central-snat enabled

Technical Tip: FortiGate not redistributing BGP routes received via Spoke into OSPF on Hub location

Technical Tip: DHCP failing with DHCP relay on FortiGate with VLANs changing

Re: Pick the proper fortigate OS

Re: Fortigate routes IPSEC traffic through DMZ interface

Re: Add Multiple DNS IP in Fortigate Fw

Re: Static Route for IPSecVPN

Re: Fortigate 101F NP6XLITE error xaui.sdsn

Technical Tip: VXLAN over IPsec for multiple VLANs...

Technical Tip: GUI is not reachable after an upgra...

Troubleshooting Tip: FortiGate losing logs or even...

Troubleshooting Tip: BGP next hop showing as 0.0.0...

Technical Tip: Reverse path forwarding check not w...

Re: Fortigate MGMT (dedicated) access over IPSEC

Re: how to reset hit counts for SD-WAN rules?

Re: Sniffer theory: incomming packets are seen on ...

Re: DNAT supported on Fortigate 40F?

Re: accessing site to site VPN network while conne...

KCS

User Statistics

User Activity

You are leaving our website