Hi, we have an SSLVPN Web portal on one Fortigate. When using it to get to
resources behind a tunnel on another Fortigate, it seems to NAT the
traffic despite the policy having NAT turned off. FG2 sees the source
address of traffic to AWS being 192.168...
Hi, I'm using a Teltonika RUT240 in passthrough mode to add 4G to a
Fortigate 60E running 7.0.12. It seems to work well enough, and the
Forti interface connected to the Teltonika gets its public IP. The idea
is to create a second IPsec tunnel on the 4...
Hi, has anyone come across traffic to 208.100.26.245, which Shodan
identifies as securityscorecard.com, being detected and identified as
CnC threat traffic by a Fortigate? They appear to be one of those
security companies that actively scan the Interne...
Hi, I'm trying to get a transparent proxy working using Kerberos
authentication. I believe all I'm missing is a captive portal to
facilitate the Kerberos authentication. When I enable the captive portal
on the lan interface, I have to exempt all addre...
Edited: Looks like this is expected behavior for web SSLVPN. "The source
IP address used by the FortiGate when accessing SSL VPN Web Portal
bookmarks is the IP address configured for the outgoing interface
specified in the SSL VPN security policy."
h...
It was the 4G provider using some carrier grade NAT. I managed to get it
working by changing the APN on the 4G device, which bypasses the
NAT. Thanks for taking a look at it.
I got it working by changing the APN on the 4G device. This bypasses the
CGNAT. I asked in a local forum for the 4G provider, and someone knew
the correct APN name to use.
It turns out the DDNS address isn't the address the other Forti sees the
tunnel originating from. There must be some NAT happening downstream of
the 4G interface :(