Technical Tip: Configure Fortinet Single Sign On (...

aahmadzada · 06-09-2023

Description This article describes the difference between 'srcintf-filter' and 'extintf' in the VIP settings. Scope FortiOS, FortiProxy. Solution The Virtual IP settings 'srcintf-filter' and 'extintf' have different functions, and when customizing th...

aahmadzada · 04-17-2023

Description This article describes how to configure web mode SSL VPN to follow the SD WAN rules when it comes to the selection of the proper egress interface in order to reach the destination. Scope FortiGate. Solution Starting from FortiOS 6.2.6 and...

aahmadzada · 11-15-2022

Description This article describes that the application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile. Scope FortiOS. Solution If an FQDN (for example sls.update.microsoft...

aahmadzada · 11-08-2022

Description This article describes the configuration steps necessary to apply FSSO rules to SSL VPN users. Scope FortiOS 7.0 and newer versions. Solution FSSO rules can be used for the traffic generated by remote access VPN users. In order to have a ...

aahmadzada · 10-06-2022

Description This article describes a configuration where the FortiGate has multiple captive portal interfaces, each of which have their own separate FQDN for the authentication portal that clients are redirected to. This is paired with a DNS server (...

aahmadzada · 11-29-2023

Hi, In the proxy policy, you can select the outgoing interface. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/300428/explicit-web-proxy Ahmad

aahmadzada · 08-23-2023

Hi, "my plan was for the FG to have a single gateway IP" IMHO it goes against multilink SDWAN concept, as with the SDWAN, you have several different ISP uplinks that are being logically grouped in order to perform the traffic routing/balancing across...

aahmadzada · 08-23-2023

Hi Jim, SNAT cannot be applied to the self-originated traffic within one vdom.If you specifically need to implement the design, i could recommend you to create two vdoms, let`s say ipsec and root. root and ipsec vdoms will connect via an intervdom li...

aahmadzada · 08-23-2023

Hi,Correct, SPAN port can be configured as a part of a switch interface. Switch interface as any other one can be used as a WAN interface, but you will have to redo the entire configuration and probably the design of the connections. Regards,

aahmadzada · 06-06-2023

Following up, it is possible.Here is the KB article for that:https://community.fortinet.com/t5/FortiGate/Technical-TIp-Configure-Fortinet-Single-Sign-On-FSSO-for-SSLVPN/ta-p/229274

User Statistics

User Activity

Technical Tip: Firewall VIP - difference in 'srcintf-filter' and 'extintf'

Technical Tip: Web mode SSL VPN supports SD WAN rules

Technical Tip: Application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile