Fortinet Community

aahmadzada · 06-09-2023

Description This article explains the difference between 'srcintf-filter' and 'extintf' in the VIP settings. Scope FortiOS, FortiProxy. Solution 'srcintf-filter' and 'extintf' definitions in the VIP settings often bring confusion. 'extintf' is intend...

aahmadzada · 04-17-2023

Description This article describes how to configure web mode SSL VPN to follow the SD WAN rules when it comes to the selection of the proper egress interface in order to reach the destination. Scope FortiGate. Solution Starting from FortiOS 6.2.6 and...

aahmadzada · 11-15-2022

Description This article describes that the application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile. Scope FortiOS. Solution If an FQDN (for example sls.update.microsoft...

aahmadzada · 11-08-2022

Description This article describes the configuration steps necessary to apply FSSO rules to SSL VPN users. Scope FortiOS 7.0 and newer versions. Solution FSSO rules can be used for the traffic generated by remote access VPN users. In order to have a ...

aahmadzada · 10-06-2022

Description This article covers the configuration of two DNS servers along with the captive portal on two different interfaces of FortiGate. Scope FortiOS 7.0.6 and newer versions. Solution On FortiOS versions prior to 7.0.6, it was possible to confi...

aahmadzada · 08-23-2023

Hi, "my plan was for the FG to have a single gateway IP" IMHO it goes against multilink SDWAN concept, as with the SDWAN, you have several different ISP uplinks that are being logically grouped in order to perform the traffic routing/balancing across...

aahmadzada · 08-23-2023

Hi Jim, SNAT cannot be applied to the self-originated traffic within one vdom.If you specifically need to implement the design, i could recommend you to create two vdoms, let`s say ipsec and root. root and ipsec vdoms will connect via an intervdom li...

aahmadzada · 08-23-2023

Hi,Correct, SPAN port can be configured as a part of a switch interface. Switch interface as any other one can be used as a WAN interface, but you will have to redo the entire configuration and probably the design of the connections. Regards,

aahmadzada · 06-06-2023

Following up, it is possible.Here is the KB article for that:https://community.fortinet.com/t5/FortiGate/Technical-TIp-Configure-Fortinet-Single-Sign-On-FSSO-for-SSLVPN/ta-p/229274

aahmadzada · 05-23-2023

Good day Yurisk,When it comes to the Admin Guides and etc., please follow up with the Grahams suggestion.When it comes to that specific KB article, I believe there is a typo and I have submitted the correction. Thank you for pointing out this. Ahmad

Fortinet Community

User Statistics

User Activity

Technical Tip: Firewall VIP - difference in 'srcintf-filter' and 'extintf'

Technical Tip: Web mode SSL VPN supports SD WAN rules

Technical Tip: Application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile

Technical Tip: Configure Fortinet Single Sign On (FSSO) for SSL-VPN users via Syslog

Technical Tip: FortiGate configured with multiple captive portals and as a DNS server

Re: SD-WAN and VRRP for default gateway redundancy - question

Re: Terminate site-to-site IPSec VPN tunnel on loopback interfaces - Fortigate <-> Fortigate

Re: Mirror WAN Port on FG-201F

Re: VPN+SSO possible?

Re: Is there a way to make feedback on the official documentation?

Re: Non-FortiLink interfaces should not have multi...

Re: FortiGate L2TP/IPsec with RADIUS authenticatio...

Re: VLAN/DHCP over Site to site VPN

Re: Fortigate 60D ISP speed limit

Re: FortiOS explicit Proxy Kerberos Authentication...

Re: FortiGate L2TP/IPsec with RADIUS authenticatio...

Re: FortiSwitch - Configuring multiple SYSLOG serv...

Re: FortiGate 200D - Log Disk issue on HA2

Re: forticlient SSO android app changes the user

Re: FortiClient does not have "Push" option when u...

KCS