Fortinet Community

syordanov · 03-14-2023

Description This article describes how to generate ssh keys on the Linux SSH host and use it for public-private key authentication to the FortiGate unit. Scope FortiOS 6.4, 7.0.x, 7.2.x. Solution 1) Generate the public-private key pair on the Linux h...

syordanov · 02-14-2023

Description This article describes how to restart automatically WAD workers using the built-in mechanism. Scope FortiGate v7.2.4 and onward. Solution FortiOS version 7.2.4 has introduced a new feature that gives the possibility to configure auto-rest...

syordanov · 01-05-2023

Description The article describes how to do a fast check of the session list and how to filter by IP address or ports using the 'grep'. Scope FortiGate 6.0.x, 6.2.x, 6.4.x,7.0.x, 7.2.x. Solution In many environments, FortiGate is responsible to handl...

syordanov · 12-28-2022

Description This article explains how to restrict SSH and telnet traffic from a FortiGate to other hosts. Scope FortiOS 7.2.1. Solution Administrator access profiles can be configured to prevent administrators from using the FortiGate as a jump host ...

syordanov · 11-28-2022

Description This article explains how to change which VDOM to be used for FortiGuard services and updates when the multi-VDOM mode is used. Scope FortiOS 7.2.3+. Solution This is useful when management VDOM has no internet connectivity. Fortigate_VM ...

syordanov · 02-26-2023

Hello MadDog_2023, As far as i understand you have 2 links to internet - NBN and 4G, NBN has priority 0(more preferable than 4G). When NBN is down all outgoing traffic is moved to 4G which is normal, but when NBN is back again the outgoing traffic is...

syordanov · 10-19-2022

Hello opt, Thanks, so your HUB receives the IKE (UDP 500) messages from spoke which uses Starlink. You can use the following commands to see if there is established phase1/phase2: # diagnose vpn ike gateway list # diagnose vpn tunnel list For IKE deb...

syordanov · 10-18-2022

Hello Opt, Ok in that case you can try to see which is the public IP address assigned by Starlink or address used for SNAT to leave their network and go to internet. Run this command on your FG(spoke) # diagnose sys waninfo ipify port1 <--- replace p...

syordanov · 10-18-2022

Dear opt, Please follow the suggestion of my colleague, see if ESP packets are sent out your exit interface. If they are sent but nothing is received on other and maybe Starlink is doing filtering on the ESP packets. You can give a try with NAT-T to ...

syordanov · 09-13-2022

Hello Umesh, Please find the screenshots bellow how to enable the "policy ID" column in GUI :

Fortinet Community

User Statistics

User Activity

Technical Tip: How to generate ssh keys on Linux host and use it for public-private key authentication to FortiGate.

Technical Tip: Use new FortiOS mechanism to automatically restart WAD workers

Technical Tip: Check the session list and filter by IP address or port using the 'grep'

Technical Tip: Restricting SSH and telnet from FortiGate to other hosts

Technical Tip: How to use non management VDOM for Fortiguard services and updates

Re: How to stop FortiGate to failback to 4G

Re: IPSEC tunnels behind CGNAT Starlink

Re: IPSEC tunnels behind CGNAT Starlink

Re: IPSEC tunnels behind CGNAT Starlink

Re: policy Id is not showing

Technical Tip: Use new FortiOS mechanism to automa...

Technical Tip: Check the session list and filter ...

Re: IPSEC VPN Issues