Technical Tip: FortiGate and ZSTD implementation (...

AlexC-FTNT · 10-08-2024

Description This article describes that the 'By sequence' view is either available after a migration from another vendor, or manually set up in CLI. Follow this article for details: Technical Tip: Configure sequence grouping for firewall policies for...

AlexC-FTNT · 09-18-2024

Description This article describes how to display the list of current running packet captures. Note that running packet captures or sniffers issued through CLI (applet or SSH connection) cannot be displayed. Scope FortiOS. Solution FortiOS can displa...

AlexC-FTNT · 08-22-2024

Description This article explains how the security profiles are applied in a FortiGate. Scope FortiGate, all versions. Solution As in all network equipment, the communication with the exterior of the hardware is done via ports/interfaces. Where these...

AlexC-FTNT · 08-21-2024

Description This article describes a corner-case situation when sometimes the traffic over VPN session is not passing, even if endpoint has correct tag, and IP assigned. In this particular scenario, the user can only reach the EMS server after establ...

AlexC-FTNT · 08-21-2024

Description This article describes the NP overloading repeated questions. Scope FortiGate with NP processors. Solution NP processors do not have a counter for 'load' or a way to signal when 'overloaded'. When the load is high, they will not be capabl...

AlexC-FTNT · 11-12-2024

The Vlan tag is is a 32-bit field between the source MAC address and the EtherType fields of the original frame. There's nothing more to it. If the packet has Vlan tag 50 as it arrives on an interface, it is accepted, vlan tag stripped, then it is se...

AlexC-FTNT · 11-12-2024

why? is port3 in vlan50 also? FortiGate is a router, not a switch

AlexC-FTNT · 11-12-2024

Generally, these articles are better explained in the community portal. For example: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-the-log-message-User-shutdown-the/ta-p/301290 1) Who is this third-part CA? >> there are many...

AlexC-FTNT · 11-12-2024

If nothing is configured, what would you like to test? The hardware test can be done at any point. Look for HQIP test, there are articles describing how to perform it (depending on the unit model)

AlexC-FTNT · 11-12-2024

Explicit proxy is not needed. But you need to perform deep inspection in proxy-mode policy. With certificate inspection only, FortiGate is only able to see the domain name for that particular website. So the full URL is not visible, can't be logged, ...

User Statistics

User Activity

Technical Tip: Design change on grouping policies in sequence groups

Technical Tip: How to show current active packet captures

Technical Tip: Direction of traffic for security profiles (Webfilter, AV, etc)

Troubleshooting Tip: ZTNA tags not propagated from FortiClientEMS

Troubleshooting Tip: How to check if NP6 is overloaded

Re: Trunk, how to add an access port

Re: Trunk, how to add an access port

Re: msg="User shutdown the device from forticron. The reason is 'System file integrity check fa

Re: FortiGate Firewall Security Testing

Re: Web Filtering on Fortigate without Explicit Proxy

Technical Tip: FortiGate and ZSTD implementation (...

Technical Tip: FortiOS Unsupported feature: 'Is it...

Technical Tip: Hardware switch, Software switch, V...

Troubleshooting Tip: FortiGate blocking SIP INVITE...

Re: Cant find tdtype log field anywhere

Re: msg="User shutdown the device from forticron. ...

Re: Best Practices for FortiGate HA Pair Setup wit...

Re: How to connect two IPoE lines

Re: How to configure SDWAN pasive - active by CLI

Re: Cannot add the aggregate vpn member

Fortinet Training Institute

KCS