Description This article describes the usage, limitations, and
requirements of the 'fnsysctl' command on FortiGate devices. Scope
FortiGate. Solution The fnsysctl command is frequently useful for
advanced troubleshooting on FortiGate. Although severa...
Description This article provides information about the color codes for
firewall address objects and what color is tied to what integer value.
Scope FortiGate. Solution The color codes are shown below: 1 is black. 2
is blue. 3 is green. 6 is red and ...
Description This article provides some information about the currently
detected vulnerability and fixes available. Scope FortiGate. Solution
See the FortiGuard page for information about CVE-2024-55591. The fix
suggested is to upgrade to FortiOS 7.0.1...
Description This article describes the checklist of items for FortiGate
to facilitate Let's Encrypt ACME certificate provisioning. Scope
FortiGate v7.0+ Solution Complete checklist and limitations for Let's
Encrypt ACME certificate provisioning: Port...
Description This article describes that the 'By sequence' view is either
available after a migration from another vendor or manually set up in
CLI. Follow this article for details: Technical Tip: Configure sequence
grouping for firewall policies for ...
Entering Extended Passive Mode -- simply says that it tries to open a
new session for that port number. About the trailing delimiter, per RFC
2428 it must exist: 229 Entering Extended Passive Mode
(||||) So if you don't see this in a packet
capture o...
I doubt the "exact issue" is the best wording here. I am running
multiple FTP servers over FG with 7.2.12 without facing this problem.
FileZilla in my case uses the PASV command on every server connection. EPSV
is used in IPv6 only. Check your inspection...
I'm not sure what feature exactly puts the ports in blocked state, I
would expect the STP to do that. In which case, to bring the ports up it
would still take 50-60s to cycle through the STP states and bring the
ports up (only if the other ports are ...
The first step before everything is to bring that firmware into the real
world (at least 7.2.12, and recommended 7.4.8) and start troubleshooting
from there. The issue may have been fixed already.
Hi! The recommendations are the same for all other vendors:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Aggregate-link-configuration-topologies-in-a-High/ta-p/200980
1 LAG in switch and set lacp-ha-secondary disable -- will increase
fai...