Description This article describes how to configure FortiGate to send
TCP RST or ICMP6 'unreachable prohibited' for a blocked traffic. Scope
FortiOS 7.2, 7.4, 7.6 Solution By default FortiOS does not send TCP RST
for blocked traffic (IPv4 and IPv6). ...
Description This article describes how the traffic to specific VIP can
be restricted on FortiGate. Scope FortiOS 7.0, 7.2, 7.4, 7.6. Solution
Sometimes, access to certain VIPs needs to be restricted for specific IP
addresses. This article describes h...
Description This article explains how to configure IPv6 trusted hosts
Scope FortiGate v6.4, v7.0, v7.2, v7.4 and v7.6. Solution Trusted hosts
are useful to restrict admin access to FortiGate. When only an IPv4
trusted host is configured, then access ...
Description This article explains how to use and configure the new
feature for IPv6 HA Reserved management port. Scope FortiOS v7.6.3
onward. Solution Before FortiOS v7.6.2 and lower versions, HA Reserved
management port was possible to configure onl...
Description This article describes how to configure a schedule stitch
which will be triggered during specific period in order to monitor the
BGP. If the BGP which runs over IPsec is down, this tunnel will be
restarted. Scope FortiOS 7.0.x, 7.2.x, 7.4...
Hi João, Based on the output from the routing table above, you have two
default routes , one BGP with AD of 20 and one static with AD of 240.
When you have 2 route for the same destination with different AD,
FortiOS will install the one with lowest A...
Dear 52000cc, When the second spoke is connect, are you able do an ICMP
between both spokes? From second spoke, can you ping the HUB? IP
addresses on the spokes VPN tunnel interface are assigned manually or
with mode-config, range?Please check the KB...
Hello RolandBaumgaertner72 , If both static default routes are with the
same AD, means that they are installed . Here plays a role the
'priority' , lowest priority makes the route more preferable.Regarding
the SD-WAN , it depends if you have active m...
Hello RolandBaumgaertner72 , As far as i understand, your current
FortiGate 90F has to 'ISP' connections 'A' is your MPLS, 'B' is your
secondary connection.Did you run any sniffer or debug flow during the
time window? What is the static route for you...
Dear Gaetan_237, Please run the commands bellow : SSH No1: diagnose
sniffer packet any " host x.x.x.x and host y.y.y.y" 4 0 l , where
x.x.x.x is the IP address located behind your FortiGate and y.y.y.y is
the IP address located behind remote VPN peer...