Technical Tip: Fortinet's Secure SD-WAN Resource L...

pkavin · 06-28-2022

Description This article describes a scenario when external Routes with the same cost 'ECMP' to the ASBRs are not installed on the routing table or database. Scope FortiGate. Solution FortiGate by default has RFC1583 Compatibility disabled. Therefore...

pkavin · 06-01-2022

Description This article has a list of resources that can be used to configure and troubleshoot SD-WAN on FortiGate. Scope FortiGate. Solution SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It consolidates the physical tr...

pkavin · 06-01-2022

Description This article describes that Virtual Private Network (VPN) technology enables users to connect to private networks securely. RFC 6071 describes IPsec (Internet Protocol Security) as a suite of protocols thatprovides security to Internet co...

pkavin · 05-13-2022

Description This article provides information on how to view Memory and CPU utilization trends on FortiGate using FortiAnalyzer reports when troubleshooting memory conserve mode or high CPU usage issues. Scope FortiGate, FortiAnalyzer. Solution Forti...

pkavin · 05-12-2022

Description This article describes the behavior of FortiOS when SA rekey happens for phase1 and phase2 on FortiGate Scope FortiGate. Solution What is a Security Association (SA). The concept of a 'Security Association' (SA) is fundamental to IPsec. A...

pkavin · 05-13-2022

Hello, You could use overlay-id in your configuration to separate IPsec VPN tunnels based on the IDs configured. This is not the same as peer id and a Fortinet proprietary feature. So, it will only work for VPN tunnels between FortiGates. But, as you...

pkavin · 01-03-2022

You're welcome

pkavin · 01-03-2022

Hello everyone, There was a bug introduced in FortiOS 7.0.2 where generating a new ACME certificate from GUI will result in a certificate signed by Let's Encrypt staging CA. Bug 0757130 was filed to fix the issue and the issue has been fixed in Forti...

pkavin · 12-31-2021

Hello Nolzee, The simple and more better way to design/configure your FortiGate is to use SD-WAN as you can have some additional benefits of failover, link-monitor and traffic load balancing. But, I can understand that SD-WAN needs a whole re-configu...

pkavin · 12-31-2021

Hello Radu_sec, Currently, FortiOS does not support RIP with non-default VRFs. There is an NFR (New Feature Request) with ID 0748519 created to add this feature in future. But, this does not guarantee that the feature will be added in future. Please ...

User Statistics

User Activity

Technical Tip: OSPFv2 ECMP for External Routes Expected Behavior with RFC1583 Compatibility