Description This article describes how to configure the destination port
for the Central SNAT table. Scope 7.4.x onwards. Solution Central NAT is
a very useful feature on FortiGate on which it can be defined how to
control the NAT. The Central NAT ta...
Description This article describes how to generate ssh keys on the Linux
SSH host and use it for public-private key authentication to the
FortiGate unit. Scope FortiOS 6.4, 7.0.x, 7.2.x. Solution 1) Generate
the public-private key pair on the Linux h...
Description This article describes how to restart automatically WAD
workers using the built-in mechanism. Scope FortiGate v7.2.4 and onward.
Solution FortiOS version 7.2.4 has introduced a new feature that gives
the possibility to configure auto-rest...
Description The article describes how to do a fast check of the session
list and how to filter by IP address, ports, or serial-id (from debug
flow) using the 'grep'. Scope FortiGate 6.0.x, 6.2.x, 6.4.x,7.0.x,
7.2.x. Solution In many environments, For...
Description This article explains how to restrict SSH and telnet traffic
from a FortiGate to other hosts. Scope FortiOS 7.2.1. Solution
Administrator access profiles can be configured to prevent
administrators from using the FortiGate as a jump host ...
Dear tim5700, For this scenario where Fortigate has static IP address
and Palo Alto has dynamic IP address, you can check the KB bellow :
Dialup VPN Configuration Between Two FortiGates In your case the
Fortigate will be configured as Dialup Server a...
Hello MadDog_2023, As far as i understand you have 2 links to internet -
NBN and 4G, NBN has priority 0(more preferable than 4G). When NBN is
down all outgoing traffic is moved to 4G which is normal, but when NBN
is back again the outgoing traffic is...
Hello opt, Thanks, so your HUB receives the IKE (UDP 500) messages from
spoke which uses Starlink. You can use the following commands to see if
there is established phase1/phase2: # diagnose vpn ike gateway list #
diagnose vpn tunnel list For IKE deb...
Hello Opt, Ok in that case you can try to see which is the public IP
address assigned by Starlink or address used for SNAT to leave their
network and go to internet. Run this command on your FG(spoke) #
diagnose sys waninfo ipify port1 <--- replace p...
Dear opt, Please follow the suggestion of my colleague, see if ESP
packets are sent out your exit interface. If they are sent but nothing
is received on other and maybe Starlink is doing filtering on the ESP
packets. You can give a try with NAT-T to ...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.