Hi. Fortigate will inspect all passing DNS traffic if the DNS filter
feature is enabled on the policy. You do not need to use the FG as DNS
server/forwarder. (Still, that may be beneficial, especially if the internal
DNS server is on the other side of a VPN/SD-WAN....

This could be caused by payload fragmentation. If the traffic is TCP, try
manipulating the TCP-MSS on the firewall policy that matches this traffic.
Do this on both sides of the tunnel.
# config firewall policy
edit
tcp-mss-sender
tcp-mss-receiver
I usually te...

I believe you cannot use that "simple" design with termination directly
on Azure VPN. The Fortigate removes routes for down tunnels and can then
send traffic over the tunnel that is still up. The "monitor" command in VPN
is used to keep the second tunnel down...

Hi. That company's IPSec setting may be missing the "nat traversal" configuration?
Then you cannot be behind a NATed firewall. Less likely, you have
some config in your fw that blocks IPSec. Check with a packet capture on the
outside interface whether you get a response...