Hi. That company's IPSec setting may miss "nat traversal" configuration?
Then you cannot be behind a NATed firewall. More unlikely you have
some config in your fw that blocks IPSec. Check with packet capture on
outside interface if you get response...

Hi. Looks like Fortiswitch has LACP "active" and in Nexus it is
"passive". Try changing Nexus ports to "channel group .. mode on". Why do
you use two port-channels between the switches? With this setup one of
the connections will be STP blocked (on VLAN...

Hi. QoS is an "end to end" thing. It may have little or no effect to
just enable it. Have you identified that packet loss occurs in the
firewall or neighbouring interfaces (queue drops)? A regular traffic
shaper in the firewall may be best solution if ...

Hi. An attempt to talk to a CnC (BotNet) address does not necessarily mean
that the client has an infection. It may be a relay from a link on some
webpage (like social media f.e.) that user clicked. Hopefully the fw
blocked it. /C