Description: This article explains how to configure application control
to block traceroute while allowing ping.
Scope: FortiGate v6.4.X, v7.X.
Solution: Blocking traceroute (when it uses ICMP instead of UDP) using a
service object with a firewall polic...
Description: This article describes how to verify that the Public IP and
Route Table have successfully transferred to the new primary FortiGate
in an Azure High Availability (HA) setup with SDN connector.
Scope: FortiGate-VM in Azure
Solution: Assuming ...
Description: This article describes how to use the SD-WAN rule
input-device negate feature so that the SD-WAN rule would only take
effect if the incoming traffic hits the specific interface not listed in
the input-device.
Scope: FortiGate v6.4, v7.0, v...
Description: This article describes how to use the SD-WAN rule
input-device feature so that the SD-WAN rule would only take effect if
the incoming traffic hits the specific interface.
Scope: FortiGate v6.4, v7.0, v7.2, v7.4, v7.6.
Solution: In the follo...
Description: This article describes how to use a VIP object in FortiGate
for bidirectional traffic when the requirement involves a specific Phase
2 selector, without needing to use an IP Pool for SNAT. This setup is
typically necessary for business-to...
If it still does not work after creating a VIP and firewall policy, I
suggest collecting the debug flow from the FortiGate while you reproduce
the issue.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38044/using-the-debug-flo...
I suggest running the sslvpn debug in the FortiGate while you connect to
the VPN to check why the connection fails.
diag debug reset
diag vpn ssl debug-filter src-addr4
diag deb app sslvpn -1
diag deb console timestamp enable
diag deb enable
To troublesh...
Hello Hassan, I suggest running a debug flow and verifying if the packets
are allowed/blocked by the FortiGate:
diag debug flow filter clear
diag debug flow filter addr 172.30.1.138 and
diag debug flow filter proto 1
diag debug flow trace start 100
diag ...
I suggest running a debug flow and a packet sniffer to verify if the
traffic is hitting your PBR rule, also make sure to turn off the
offloading at the policy level to see them when you're debugging:
https://community.fortinet.com/t5/FortiGate/Trouble...
Hello Spike, It seems you're checking this log from the Application
Control log view, in which the MAC address would not appear. Did you try
to check it from the Forward traffic logs? If you still don't see the
MAC address from the Forward traffic lo...