Re: Non-FortiLink interfaces should not have multi...

aahmadzada · 06-09-2023

Description This article describes the difference between 'srcintf-filter' and 'extintf' in the VIP settings. Scope FortiOS, FortiProxy. Solution 'srcintf-filter' and 'extintf' definitions in the VIP settings often bring confusion. 'extintf' is inten...

aahmadzada · 04-17-2023

Description This article describes how to configure web mode SSL VPN to follow the SD WAN rules when it comes to the selection of the proper egress interface in order to reach the destination. Scope FortiGate. Solution Starting from FortiOS 6.2.6 and...

aahmadzada · 11-15-2022

Description This article describes that the application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile. Scope FortiOS. Solution If an FQDN (for example sls.update.microsoft...

aahmadzada · 11-08-2022

Description This article describes the configuration steps necessary to apply FSSO rules to SSL VPN users. Scope FortiOS 7.0 and newer versions. Solution FSSO rules can be used for the traffic generated by remote access VPN users. In order to have a ...

aahmadzada · 10-06-2022

Description This article desrcibes the configuration of two DNS servers along with the captive portal on two different interfaces of FortiGate. Scope FortiOS 7.0.6 and newer versions. Solution On FortiOS versions prior to 7.0.6, it was possible to co...

aahmadzada · 11-29-2023

Hi, In the proxy policy, you can select the outgoing interface. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/300428/explicit-web-proxy Ahmad

aahmadzada · 08-23-2023

Hi, "my plan was for the FG to have a single gateway IP" IMHO it goes against multilink SDWAN concept, as with the SDWAN, you have several different ISP uplinks that are being logically grouped in order to perform the traffic routing/balancing across...

aahmadzada · 08-23-2023

Hi Jim, SNAT cannot be applied to the self-originated traffic within one vdom.If you specifically need to implement the design, i could recommend you to create two vdoms, let`s say ipsec and root. root and ipsec vdoms will connect via an intervdom li...

aahmadzada · 08-23-2023

Hi,Correct, SPAN port can be configured as a part of a switch interface. Switch interface as any other one can be used as a WAN interface, but you will have to redo the entire configuration and probably the design of the connections. Regards,

aahmadzada · 06-06-2023

Following up, it is possible.Here is the KB article for that:https://community.fortinet.com/t5/FortiGate/Technical-TIp-Configure-Fortinet-Single-Sign-On-FSSO-for-SSLVPN/ta-p/229274

User Statistics

User Activity

Technical Tip: Firewall VIP - difference in 'srcintf-filter' and 'extintf'

Technical Tip: Web mode SSL VPN supports SD WAN rules

Technical Tip: Application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile

Technical Tip: Configure Fortinet Single Sign On (FSSO) for SSL-VPN users via Syslog

Technical Tip: FortiGate configured with multiple captive portals and as a DNS server

Re: #Fortigate Explicit Proxy Routing

Re: SD-WAN and VRRP for default gateway redundancy - question

Re: Terminate site-to-site IPSec VPN tunnel on loopback interfaces - Fortigate <-> Fortigate

Re: Mirror WAN Port on FG-201F

Re: VPN+SSO possible?

Re: Non-FortiLink interfaces should not have multi...

Technical Tip: Configure Fortinet Single Sign On (...

Technical Tip: Firewall VIP - difference in 'srcin...

Re: FortiGate L2TP/IPsec with RADIUS authenticatio...

Re: VLAN/DHCP over Site to site VPN

Re: FortiGate L2TP/IPsec with RADIUS authenticatio...

Re: MFA Timeout settings for third party authentic...

Re: FortiSwitch - Configuring multiple SYSLOG serv...

Re: FortiGate 200D - Log Disk issue on HA2

Re: forticlient SSO android app changes the user

KCS