Troubleshooting Tip: Firewall policy set to 'allow...

JianWu · 06-02-2024

Description This article explains and describes how to resolve SSL.Anonymous.Ciphers.Negotiation or SSL.Null.Ciphers.Negotiation messages in the Intrusion Prevention log for traffic and traffic passed. Scope FortiGate IPS. Solution Some users report ...

JianWu · 05-22-2024

Description This article describes a solution when there is a name change in the ISDB object. Scope FortiManager, Policy Package, ISDB name change. Solution ISDB (Internet Service Database) name does not change often. When it does, even if FortiGate ...

JianWu · 05-12-2024

Description This article describes how to do not advertise all routes received from one BGP peer to other peers. Scope FortiGate v6.0, v6.2, v6.4, v7.0. Solution Topology: By default, routes learned from eBGP are advertised to other eBGP peers. This ...

JianWu · 04-07-2024

Description This article describes how to resolve a scenario where no packets leave the egress interface even with a firewall policy set to 'allow'. Scope FortiGate. Solution There could be different scenarios where packets enter the FortiGate but do...

JianWu · 01-30-2024

Description This article describes how to export VIP, address, services, ippool objects into Excel or CSV format. At this time, there is no built-in way to export objects into CSV or Excel format. This article provides a way with an Excel formula to ...

JianWu · 01-13-2023

Another possible cause for this symptom is that the FGT never Acked on FAZ connection. To check this, in the config, you would see the FortiAnalyzer IP but not the serial number. If so, putting the command "set serial" in would also address the issue...

JianWu · 09-28-2022

If you see the following error msg when running TCL script, that usually indicates password issue. Please refer to the article below for solution. Script $NameoftheScript executed on $NameoftheDevice failed. Reason: Run script fail https://community....

JianWu · 09-08-2022

To delete packet capture files (captured by policy), please use the command below. execute policy-packet-capture delete-all Delete all captured packet.

JianWu · 08-04-2022

This feature is added in 7.0+ https://docs.fortinet.com/document/fortigate/7.0.0/new-features/885870/interface-migration-wizard Before it is available, it does require some effort. One way to do is to create a new VLAN interface, and replace all the ...

JianWu · 11-16-2021

Try specifying a time range.. like last 24 hours or last 7 days.

User Statistics

User Activity

Troubleshooting Tip: SSL.Anonymous.Ciphers.Negotiation in IPS log

Technical Tip: FortiManager Policy Package does not adjust automatically when an ISDB object in use has a name change

Troubleshooting Tip: Stop advertising all routes learned from one BGP peer to other BGP peer(s)

Troubleshooting Tip: Firewall policy set to 'allow' but no packet leaves the egress interface, all traffic drops at the egress interface

Technical Tip: How to export VIP, address, services, ippool objects into Excel or CSV format

Re: Technical tip: Admin login from 127.0.0.1

Re: Technical Tip: Use TCL script in FortiManager to schedule FortiGate configuration backup

Re: Removing Packet Capture Logs on FortiGate 5.2 using CLI

Re: Change of VLAN ID

Re: Fortigate load logs from FAZ extremely slow.

Troubleshooting Tip: Firewall policy set to 'allow...

Troubleshooting Tip: SSL.Anonymous.Ciphers.Negotia...

Re: Change of VLAN ID

KCS