Description The article describes how the MIME tag works for email
traffic. Solution Config snip on FortiGate: # config emailfilter profile
edit "default" config imap set action tag set tag-msg "SpamByFGT:IMAP"
end config pop3 set action tag set tag-...
Description This article describes how to to clear sessions in the
proxy. Solution # diagnose wad session list <----- Display the current
session. # diagnose wad session clear <----- Clear the current session.
If the requirement is to clear only a sp...
Description This article describes how to authenticate users with SAML
before allowing traffic. Solution Azure AD as SAML IDP is used in this
scenario. Any SAML IDP will work by changing the IDP URLs. Configuration
for FortiGate[SP]: Creating SAML SP...
Description This article describes how to fix the error: 'Incorrect
proxy service was requested'. Scope Accessing VIP via explicit proxy.
Solution Create a proxy policy as below: 1) Destination interface as
'Internal' <----- Where the real server is....
You can use "diagnose vpn tunnel flush " to clear the SA's from
both ends. After which just initiating a ping from a machine behind 60E
should bring up the tunnel.
The only option I can suggest now is to disable the tunnel to bring down
the connection and initiate traffic from the 60E end so the tunnel comes
up using NAT-T[4500], I can see from the sniffer it's still using port
500.
Please collect the below sniffer output at both 20C and 60E. "diag
sniffer packet any 'host ' 6 0 a"With which you can
confirm if ESP packets are arriving.On 20C and 60E, are other IPSec
tunnels working fine? If you have a 3rd device, is it possible ...
Can you try forcing both sides to use
NAT-T.https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-nattraversal/ta-p/197873?externalID=FD48755
From the CLI, can you check the output of "get router info routing-table
details " to view the route which is taking and check if it's
the correct one?