Description This article describes a scenario when external Routes with
the same cost 'ECMP' to the ASBRs are not installed on the routing table
or database. Scope FortiGate. Solution FortiGate by default has RFC1583
Compatibility disabled. Therefore...
Description This article has a list of resources that can be used to
configure and troubleshoot SD-WAN on FortiGate. Solution SD-WAN is a
software-defined approach to managing Wide-Area Networks (WAN). It
consolidates the physical transport connectio...
Description This article describes that Virtual Private Network (VPN)
technology enables users to connect to private networks in a secure way.
RFC 6071 describes IPsec (Internet Protocol Security) as a suite of
protocols thatprovides security to Inte...
Description This article provides information on how to view Memory and
CPU utilization trends on FortiGate using FortiAnalyzer reports when
troubleshooting memory conserve mode or high CPU usage issues. Scope
FortiGate, FortiAnalyzer. Solution Forti...
Description This article describes the behaviour of FortiOS when SA
rekey happens for phase1 and phase2 on FortiGate Scope FortiGate.
Solution What is a Security Association (SA)? The concept of a 'Security
Association' (SA) is fundamental to IPsec. ...
Hello, You could use overlay-id in your configuration to separate IPsec
VPN tunnels based on the IDs configured. This is not the same as peer id
and a Fortinet proprietary feature. So, it will only work for VPN
tunnels between FortiGates. But, as you...
Hello everyone, There was a bug introduced in FortiOS 7.0.2 where
generating a new ACME certificate from GUI will result in a certificate
signed by Let's Encrypt staging CA. Bug 0757130 was filed to fix the
issue and the issue has been fixed in Forti...
Hello Nolzee, The simple and more better way to design/configure your
FortiGate is to use SD-WAN as you can have some additional benefits of
failover, link-monitor and traffic load balancing. But, I can understand
that SD-WAN needs a whole re-configu...
Hello Radu_sec, Currently, FortiOS does not support RIP with non-default
VRFs. There is an NFR (New Feature Request) with ID 0748519 created to
add this feature in future. But, this does not guarantee that the
feature will be added in future. Please ...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.