Technical Tip: Automatically restart WAD worker pr...

syordanov · 03-21-2025

Description This article describes how to configure a link-monitor on IPSec Aggregate and disable the routes associated with this aggregate. Scope FortiGate v6.4, v7.0, v7.2, v7.4 and v7.6 Solution In v7.0.1 the routing behavior is changed, all route...

syordanov · 02-21-2025

Description This article describes how to schedule and disable/enable FortiGate interfaces. Scope FortiOS v6.4, v7.0, v7.2, v7.4, v7.6. Solution Sometimes is needed to do a scheduled disable/enable the interface to reduce the unnecessary usage of spe...

syordanov · 01-27-2025

Description This article provide guidance on how to perform initial diagnostics for non working BGP over IPsec. Scope FortiOS v6.x, v7.x. Solution BGP is widely used dynamic routing protocol. It allows to run over IPsec tunnels which make it very use...

syordanov · 12-20-2024

Description This article explains the difference between DNAT(VIP) and Full Cone NAT. Scope FortiOS 7.6.0+ Solution DNAT (VIP) and Full Cone NAT are Network Address Translation. The DNAT (VIP) is a technique where external client/hosts are allowed to...

syordanov · 11-25-2024

Description This article describes how FortiGate performs SNAT when multiple IP pools are configured. Scope FortiOS 5.x, 6.x, 7.x Solution FortiOS allows the configuration of multiple IP pools in a firewall rule. This is useful when two or more inter...

syordanov · 03-18-2024

Hello RolandBaumgaerhner72, If you want to combine Policy routes + SD-WAN , keep in mind that Fortigate fist process the policy routes and if there is no match then checks the SD-WAN . The KB bellow provides a useful information for the behaviour of ...

syordanov · 03-18-2024

Hello Thoubik , As far as i understand you have topology like this : VLAN100<-->Fortigate<-->VLAN200 Withoyt asymetric routing you can route the traffic from VLAN100 to VLAN200 or vica versa , you just need to configure proper FW rules and adjust the...

syordanov · 02-22-2024

Hello Mirza_Asad2723, For option No1, '4 0 l' , 4 means "Print header of the packet + interface name", 0 means unlimited packet capture, l means local FW time as a timestamp . For Option No2, proto 1 means, filter by protocol No1 which is ICMP(ping),...

syordanov · 02-21-2024

Hello Chris, I hope you are doing well. As far as i understand you have few VMs connected to your device, to which interface they are connected to ? What is the IP address and interface config for that interface ? Please run the debug bellow and gene...

syordanov · 02-21-2024

Hello, Using the commands above Fortigate will generate 50 ICMP messages with source IP 59.37.244.221 to destination IP 205.89.157.8. If you want to track the ICMP you can open a new SSH session and run the following commands : Option No1 : diagnose ...

User Statistics

User Activity

Technical Tip: IPSec aggregate with link-monitor

Technical Tip: Schedule disable/enable of FortiGate interfaces

Troubleshooting Tip: Troubleshooting BGP over IPsec

Technical Tip: Difference between DNAT(VIP) and Full Cone NAT

Technical Tip: FortiGate firewall rule with multiple IP pools for SNAT

Re: Policy Routes with SD WAN - Suggestions

Re: inter-VLAN routing issue

Re: PINGING WITH REPEAT COUNT AND SOURCE ADDRESS

Re: DMZ using loopback.

Re: PINGING WITH REPEAT COUNT AND SOURCE ADDRESS

Technical Tip: Automatically restart WAD worker pr...

Technical Tip: Check the session list and filter b...

Technical Tip: Enable SNMP index extension

Troubleshooting Tip: Troubleshooting BGP over IPse...

Technical Tip: How to filter AS in BGP neighbor-gr...

Re: WAN Interface not shown in Firewall Policy

Re: Fortigate Limited Access

KCS

User Statistics

User Activity

You are leaving our website