Description This article explains how to set up Microsoft Entra Domain
Services with secure LDAP and connect it to FortiGate. Follow the steps
to add a custom domain, configure Entra Domain Services, enable secure
LDAP, and import certificates. Comma...
Description This article is designed to automate the backup process of a
FortiGate device's configuration to a TFTP server. It utilizes SSH to
connect to the FortiGate and execute the backup command periodically at
a specified interval. The script al...
Description This article describes how to access the internal resources
using IPv4 internally, using IPv6 for external access. Usually, IPv4 is
used for external access into the network and creates a VIP to forward
traffic internally. This article wi...
Description This article describes how to remove MultiFactor
Authentication for admin users in FortiGate FortiToken, which can be
used to regain lost access to the FortiGate. Note: Completely disabling
MFA poses significant security risks and should ...
Hi @Staphisco - Yes, it will essentially become a separate network, so
you'll need to allow it on the FortiGate depending on your
configuration. Where are you getting your DHCP from, is it also from the
FortiGate?You might try making the hardware swi...
Hi @grod777 - Glad to hear that it's working now. It might have been due
to the initial session where traffic was routed out through the WAN
interface. The issue arises when creating a new session with the exit
interface set to IPSec, which can cause...
Hi @Dattatray - I think that's only possible if you format the device
with a 7.2.8 image and manually convert the config file, or use the
FortiConverter app to automatically handle the conversion. Upgrading and
downgrading have become more strict sta...
Hi @Staphisco - As far as I know, if your FortiSwitch is not part of
FortiLink, you cannot manage it directly from your FortiGate firewall.
So, FortiSwitch managed by FortiGate must be part of FortiLink. Since
it's standalone, you need to manage it d...
Hi @grod777 - In these results, it looks like you combined both the
underlay and overlay into a single SD-WAN zone. My hunch is that the
traffic might be getting routed through the IPSec tunnel instead of the
WAN interface since the route for the IPS...