Description The article describes how to do a fast check of the session
list and how to filter it by IP address or port using 'grep'. Scope
FortiGate 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x. Solution In many
environments, FortiGate is responsible to handl...
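The summary above stops short of the actual filtering, so here is an added example (not from the Fortinet article) that runs offline against a constructed sample of the 'hook=' lines that 'diagnose sys session list' prints. It shows the check a practitioner wants before trusting a substring grep: a plain 'grep 10.0.0.5' also matches 10.0.0.50, while an anchored pattern does not. The sample session lines and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original article: filter FortiGate
# session-list output with grep and check the matching behaviour offline.

# Constructed sample (assumption): four "hook=" lines in the shape printed by
# 'diagnose sys session list'. 10.0.0.5 and 10.0.0.50 are both present so
# the substring-match pitfall is visible.
SESSION_SAMPLE='hook=post dir=org act=snat 10.0.0.5:51000->8.8.8.8:53(192.168.1.2:51000)
hook=pre dir=reply act=dnat 8.8.8.8:53->192.168.1.2:51000(10.0.0.5:51000)
hook=post dir=org act=snat 10.0.0.50:40000->203.0.113.9:443(192.168.1.2:40000)
hook=pre dir=org act=noop 10.0.0.7:22->10.0.0.50:22(0.0.0.0:0)'

# Naive filter, the way it is usually typed on the box
# (diagnose sys session list | grep 10.0.0.5): a plain substring match.
# Returns the number of matching lines.
naive_host_count() {
    printf '%s\n' "$SESSION_SAMPLE" | grep -c "$1"
}

# Exact-host filter: escape the dots (so '.' is not a wildcard) and require
# a non-address character on both sides, so 10.0.0.5 does not match 10.0.0.50.
exact_host_count() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$SESSION_SAMPLE" | grep -Ec "(^|[^0-9.])${pat}([^0-9]|$)"
}

# Destination-port filter for the original direction: the destination port is
# the one immediately before the "(" that opens the NAT tuple, so match ":<port>(".
dport_count() {
    printf '%s\n' "$SESSION_SAMPLE" | grep -c "dir=org .*:$1("
}

# Demonstration: the substring grep over-matches, the anchored one does not.
echo "substring grep for 10.0.0.5 matched $(naive_host_count 10.0.0.5) lines"
echo "anchored grep for 10.0.0.5 matched $(exact_host_count 10.0.0.5) lines"
echo "sessions with original destination port 53: $(dport_count 53)"
```

On the FortiGate itself the same anchoring applies to 'diagnose sys session list | grep ...'; where the firmware allows it, 'diagnose sys session filter src <ip>' (or 'dport <port>') followed by 'diagnose sys session list' avoids the substring problem entirely because the filter is applied on address fields rather than on text.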
Description This article explains how to restrict SSH and telnet traffic
from a FortiGate to other hosts. Scope FortiOS 7.2.1. Solution
Administrator access profiles can be configured to prevent
administrators from using the FortiGate as a jump host ...
Description This article explains how to change which VDOM is used
for FortiGuard services and updates when multi-VDOM mode is enabled.
Scope FortiOS 7.2.3+. Solution This is useful when the management VDOM has
no internet connectivity. Fortigate_VM ...
Description This article describes how to configure a custom IKE port
between two FortiGate FWs. Scope Only on FortiOS 7.0.0 and above.
Solution Some ISPs block UDP port 500 or UDP 4500, preventing an IPsec
tunnel from being established. FortiOS 7.0.0 introduc...
Description This article describes how to connect 2 Transparent VDOMs
with a NAT VDOM between them on the same FortiGate. Scope FortiGate
Solution Traditional IPv4 firewalls and NAT mode FortiGates handle
traffic the same way that routers do. Each inte...
Hello opt, Thanks, so your HUB receives the IKE (UDP 500) messages from
spoke which uses Starlink. You can use the following commands to see if
there is established phase1/phase2: # diagnose vpn ike gateway list #
diagnose vpn tunnel list For IKE deb...
Hello Opt, Ok, in that case you can try to see which public IP
address is assigned by Starlink, or which address is used for SNAT to leave their
network and go to the internet. Run this command on your FG (spoke): #
diagnose sys waninfo ipify port1 <--- replace p...
Dear opt, Please follow the suggestion of my colleague and see if ESP
packets are sent out of your exit interface. If they are sent but nothing
is received on the other side, maybe Starlink is filtering the ESP
packets. You can give NAT-T a try to ...
Dear ITACCCUT, For the ICMP from 10.0.0.83 to 10.2.0.254 I can see that
the FW is matching FW policy rule No. 37 and the traffic is forwarded to IPsec
interface StG. To check if the traffic is leaving your device, please run a
sniffer like the one below: # diagnos...