Fortinet Community

syordanov · 05-15-2023

Description This article describes how to configure the destination port for the Central SNAT table. Scope 7.4.x onwards. Solution Central NAT is a very useful feature on FortiGate on which it can be defined how to control the NAT. The Central NAT ta...

syordanov · 03-14-2023

Description This article describes how to generate ssh keys on the Linux SSH host and use it for public-private key authentication to the FortiGate unit. Scope FortiOS 6.4, 7.0.x, 7.2.x. Solution 1) Generate the public-private key pair on the Linux h...

syordanov · 02-14-2023

Description This article describes how to restart automatically WAD workers using the built-in mechanism. Scope FortiGate v7.2.4 and onward. Solution FortiOS version 7.2.4 has introduced a new feature that gives the possibility to configure auto-rest...

syordanov · 01-05-2023

Description The article describes how to do a fast check of the session list and how to filter by IP address, ports, or serial-id (from debug flow) using the 'grep'. Scope FortiGate 6.0.x, 6.2.x, 6.4.x,7.0.x, 7.2.x. Solution In many environments, For...

syordanov · 12-28-2022

Description This article explains how to restrict SSH and telnet traffic from a FortiGate to other hosts. Scope FortiOS 7.2.1. Solution Administrator access profiles can be configured to prevent administrators from using the FortiGate as a jump host ...

syordanov · 06-07-2023

Dear tim5700, For this scenario where Fortigate has static IP address and Palo Alto has dynamic IP address, you can check the KB bellow : Dialup VPN Configuration Between Two FortiGates In your case the Fortigate will be configured as Dialup Server a...

syordanov · 02-26-2023

Hello MadDog_2023, As far as i understand you have 2 links to internet - NBN and 4G, NBN has priority 0(more preferable than 4G). When NBN is down all outgoing traffic is moved to 4G which is normal, but when NBN is back again the outgoing traffic is...

syordanov · 10-19-2022

Hello opt, Thanks, so your HUB receives the IKE (UDP 500) messages from spoke which uses Starlink. You can use the following commands to see if there is established phase1/phase2: # diagnose vpn ike gateway list # diagnose vpn tunnel list For IKE deb...

syordanov · 10-18-2022

Hello Opt, Ok in that case you can try to see which is the public IP address assigned by Starlink or address used for SNAT to leave their network and go to internet. Run this command on your FG(spoke) # diagnose sys waninfo ipify port1 <--- replace p...

syordanov · 10-18-2022

Dear opt, Please follow the suggestion of my colleague, see if ESP packets are sent out your exit interface. If they are sent but nothing is received on other and maybe Starlink is doing filtering on the ESP packets. You can give a try with NAT-T to ...

Fortinet Community

User Statistics

User Activity

Technical Tip: Configure the destination port for the Central SNAT table

Technical Tip: How to generate ssh keys on Linux host and use it for public-private key authentication to FortiGate.

Technical Tip: Use new FortiOS mechanism to automatically restart WAD workers

Technical Tip: Check the session list and filter by IP address or port using the 'grep'

Technical Tip: Restricting SSH and telnet from FortiGate to other hosts

Re: VPN between Fortigate (static IP) & Palo Alto (dynamic IP)

Re: How to stop FortiGate to failback to 4G

Re: IPSEC tunnels behind CGNAT Starlink

Re: IPSEC tunnels behind CGNAT Starlink

Re: IPSEC tunnels behind CGNAT Starlink

Technical Tip: Check the session list and filter b...

Technical Tip: Use new FortiOS mechanism to automa...

Re: IPSEC VPN Issues

KCS