Re: on-prem Fortigate can't reach EC2 VM via AWS F...

syao · 05-11-2025

Description This article describes how to troubleshoot when encountering 'ERR_EMPTY_RESPONSE' message after attempting to access the FortiGate outside interface for HTTPS management access via TCP port 443. Scope 7.6.1 and above. Solution When a Fort...

syao · 03-06-2025

Description This article describes how to import LDAP user by searching username. Scope FortiAuthenticator. Solution Ensure the configuration for the remote LDAP server is correct in Authentication -> Remote Auth Servers -> LDAP: Configure the remote...

syao · 01-09-2025

Description This article explains how to adjust the negotiation timeout for the IPsec tunnel on a FortiGate device. Scope FortiOS 6.2 and above Solution By default, the FortiGate IPsec negotiation has a 30-second timeout. This means the FortiGate wil...

syao · 01-03-2025

Description This article describes why FortiGate is generating the System Event log 'Threat feed overflow'. Scope FortiOS 7.4.4/7.6.0 and above. Solution The log id 22224 refers to 'Threat feed overflow' and will be generated when your threat feed ex...

syao · 11-20-2024

Description This article explains how to configure application control to block traceroute while allowing ping. Scope FortiGate v6.4.X, v7.X. Solution Blocking traceroute (when it uses ICMP instead of UDP) using a service object with a firewall polic...

syao · 05-19-2024

If it still does not work after creating a VIP and firewall policy, I suggest collecting the debug flow from the FortiGate while you reproduce the issue.https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38044/using-the-debug-flo...

syao · 04-25-2024

I suggest running the sslvpn debug in the FortiGate while you connect to the VPN to check why the connection fails. diag debug resetdiag vpn ssl debug-filter src-addr4 diag deb app sslvpn -1diag deb console timestamp enablediag deb enableTo troublesh...

syao · 03-24-2024

Hello Hassan, I suggest running a debug flow and verify if the packets are allowed/blocked by the FortiGate: diag debug flow filter clear diag debug flow filter addr 172.30.1.138 anddiag debug flow filter proto 1 diag debug flow trace start 100diag ...

syao · 02-25-2024

I suggest running a debug flow and a packet sniffer to verify if the traffic is hitting your PBR rule, also make sure to turn off the offloading at the policy level to see them when you're debugging:https://community.fortinet.com/t5/FortiGate/Trouble...

syao · 01-21-2024

Hello Spike, It seems you're checking this log from the Application Control log view, in which the mac address would not appear. Did you try to check it from the Forward traffic logs? If you still don't see the MAC address from the Forward traffic lo...

User Statistics

User Activity

Troubleshooting Tip: Getting 'ERR_EMPTY_RESPONSE' when accessing FortiGate WAN interface for HTTPS management access after configuring IPsec VPN

Technical Tip: Import user in FortiAuthenticator using by searching username

Technical Tip: Adjusting IPsec Negotiation timeout

Troubleshooting Tip: Getting System Event log 'Threat feed overflow'

Technical Tip: How to allow ping and block traceroute with app control

Re: FortiGate - setup ZKTeco Biometrics to VM server

Re: ForitiClient Status stop at 48%