Troubleshooting Tip: Firewall policy set to 'allow...

JianWu · 11-05-2024

Description This article describes that Port A and Port B seen in model FortiGate 60F/61F, 70F/71F, 80F/81F, and 90G/91G can be used as regular traffic ports. Scope Entry-level FortiGate. Solution In earlier FortiGate models, there could be dedicated...

JianWu · 10-11-2024

Description This article explains an issue when user has a FortiGate cluster (A-P) connecting to a FortiSwitch, multiple ports are configured and connected, but only one port shows up. Scope FortiGate FortiLink FortiSwitch Solution Topology: FortiGat...

JianWu · 09-10-2024

Description This article describes the approach to allow only TLS1.2/TLS1.3 through traffic and block lower version SSL traffic. Scope FortiGate . Solution Most TLS traffic today is run on TLS1.2+ as the modern browser by default supports TLS1.2+. Ho...

JianWu · 08-20-2024

Description This article describes when running into such a message in the system event log, what it means, and provides a guideline for troubleshooting as well as suggestions for log collection to engage Fortinet TAC. Scope FortiGate Log CMDB deadlo...

JianWu · 08-15-2024

Description This article describes that FQDN-based address objects are easier to use in firewall policy. In many cases, an FQDN may return a list of IPs. In such cases, the default setting is good enough. However, in some cases, only one IP is return...

JianWu · 01-13-2023

Another possible cause for this symptom is that the FGT never Acked on FAZ connection. To check this, in the config, you would see the FortiAnalyzer IP but not the serial number. If so, putting the command "set serial" in would also address the issue...

JianWu · 09-28-2022

If you see the following error msg when running TCL script, that usually indicates password issue. Please refer to the article below for solution. Script $NameoftheScript executed on $NameoftheDevice failed. Reason: Run script fail https://community....

JianWu · 09-08-2022

To delete packet capture files (captured by policy), please use the command below. execute policy-packet-capture delete-all Delete all captured packet.

JianWu · 08-04-2022

This feature is added in 7.0+ https://docs.fortinet.com/document/fortigate/7.0.0/new-features/885870/interface-migration-wizard Before it is available, it does require some effort. One way to do is to create a new VLAN interface, and replace all the ...

JianWu · 11-16-2021

Try specifying a time range.. like last 24 hours or last 7 days.

User Statistics

User Activity

Technical Tip: Using FortiGate Port A and Port B as regular traffic ports

Troubleshooting Tip: FortiLink Ports down, only one port up

Troubleshooting Tip: Block earlier version TLS1.1 TLS1.0 SSLv3.0 Through Traffic

Troubleshooting Tip: LogID 44555 CMDB lock deadlock is detected

Technical Tip: How to deal with FQDN with short DNS TTL

Re: Technical tip: Admin login from 127.0.0.1

Re: Technical Tip: Use TCL script in FortiManager to schedule FortiGate configuration backup

Re: Removing Packet Capture Logs on FortiGate 5.2 using CLI

Re: Change of VLAN ID

Re: Fortigate load logs from FAZ extremely slow.

Troubleshooting Tip: Firewall policy set to 'allow...

Troubleshooting Tip: SSL.Anonymous.Ciphers.Negotia...

Re: Change of VLAN ID

KCS