Technical Tip: Automatically restart WAD worker pr...

syordanov · 11-25-2025

Description This article describes how to configure VDOM DNS for multi-vdom system, where the system DNS is used with public DNS, and firewall rules on some of the VDOMs are configured with internal FQDN as the destination. Scope FortiOS v7.0.x, v7.2...

syordanov · 10-27-2025

Description This article describes how to configure the proper Virtual IP (VIP) with loopback on FortiOS v7.4.8+. Scope FortiOS v7.4.8+. Solution There is a change in the behavior when VIP is configured on the loopback. This article will describe how...

syordanov · 10-02-2025

Description This article describes how to configure FortiGate to send TCP RST or ICMP6 'unreachable prohibited' for a blocked traffic. Scope FortiOS 7.2, 7.4, 7.6 Solution By default FortiOS does not send TCP RST for blocked traffic (IPv4 and IPv6). ...

syordanov · 08-20-2025

Description This article describes how the traffic to specific VIP can be restricted on FortiGate. Scope FortiOS 7.0, 7.2, 7.4, 7.6. Solution Sometimes, access to certain VIPs needs to be restricted for specific IP addresses. This article describes h...

syordanov · 07-28-2025

Description This article explains how to configure IPv6 trusted hosts Scope FortiGate v6.4, v7.0, v7.2, v7.4 and v7.6. Solution Trusted hosts are useful to restrict admin access to FortiGate. When only an IPv4 trusted host is configured, then access ...

syordanov · 11-12-2025

Hello Kennylin, Thanks for the new logs. Again FortiGate creates a new session (session ID 0009159e) , DNAT is triggered correctly, but the RST packet looks strange, because it's locally generated : 2025-11-12 12:44:53 id=65308 trace_id=64 func=print...

syordanov · 11-11-2025

Hello Kenny, Thanks for the logs.So based on them source is x.y.z.133, destination is x.y.z.136 over TCP 80. Because of the DNAT, x.y.z.136 is translated to 192.168.1.60, traffic is allowed by policy No 6, for this policy is configured an IPpool , so...

syordanov · 11-10-2025

Hello Kenny , I hope you are doing well. It will be useful if you run the following debug when the user is testing the access from x.y.z.133 to x.y.z.136 , please use the following debug : diagnose debug reset diagnose debug disable diagnose debug fl...

syordanov · 10-27-2025

Dear chrisgdg, It's expected behavior. If the device has expired support contract or EOF starting from FortiOS 7.4.8 GA, an automatic firmware upgrade is forced once there is a new GA release. This upgraded can't be cancelled, it can be only postpone...

syordanov · 09-25-2025

Hi João, Based on the output from the routing table above, you have two default routes , one BGP with AD of 20 and one static with AD of 240. When you have 2 route for the same destination with different AD, FortiOS will install the one with lowest A...

User Statistics

User Activity

Techinical Tip: How to configure system DNS for multivdom system

Technical Tip: How to configure VIP with loopback on FortiOS v7.4.8

Technical Tip: Configure IPv6 policy to send RST when the firewall rule blocks that traffic.

Technical Tip: Restrict the traffic to VIP for specific group of IP addresses.

Technical Tip: Configure IPv6 trusted hosts to access FortiGate

Re: Fortigate 40F VIP not working for same network

Re: Fortigate 40F VIP not working for same network

Re: Fortigate 40F VIP not working for same network

Re: Autoupgrade firmware for expired support

Re: Fortigate - Traffic on backup WAN interfcae dropped

Technical Tip: Automatically restart WAD worker pr...

Technical Tip: Check the session list and filter b...

Re: Split Tunneling with SSL-VPN to Access AWS Ser...

Troubleshooting Tip: Troubleshooting BGP over IPse...

Technical Tip: How to generate ssh keys on Linux h...

Re: Fortigate 40F VIP not working for same network

Re: Split Tunneling with SSL-VPN to Access AWS Ser...

Re: dial up vpn hq to hub and hub to hq traffic wo...

Re: WAN Interface not shown in Firewall Policy

Re: Fortigate Limited Access

KCS

User Statistics

User Activity

You are leaving our website