Description: This article explains how to adjust the negotiation timeout
for the IPsec tunnel on a FortiGate device.
Scope: FortiOS 6.2 and above.
Solution: By default, the FortiGate IPsec negotiation has a 30-second
timeout. This means the FortiGate wil...
Description: This article describes why FortiGate is generating the
System Event log 'Threat feed overflow'.
Scope: FortiOS 7.4.4/7.6.0 and above.
Solution: The log id 22224 refers to 'Threat feed overflow' and
will be generated when your threat feed ex...
Description: This article explains how to configure application control
to block traceroute while allowing ping.
Scope: FortiGate v6.4.X, v7.X.
Solution: Blocking traceroute (when it uses ICMP instead of UDP) using a
service object with a firewall polic...
Description: This article describes how to verify that the Public IP and
Route Table have successfully transferred to the new primary FortiGate
in an Azure High Availability (HA) setup with SDN connector.
Scope: FortiGate-VM in Azure.
Solution: Assuming ...
Description: This article describes how to use the SD-WAN rule
input-device negate feature so that the SD-WAN rule would only take
effect if the incoming traffic hits the specific interface not listed in
the input-device.
Scope: FortiGate v6.4, v7.0, v...
If it still does not work after creating a VIP and firewall policy, I
suggest collecting the debug flow from the FortiGate while you reproduce
the issue.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38044/using-the-debug-flo...
I suggest running the sslvpn debug in the FortiGate while you connect to
the VPN to check why the connection fails.
diag debug reset
diag vpn ssl debug-filter src-addr4
diag deb app sslvpn -1
diag deb console timestamp enable
diag deb enable
To troublesh...
Hello Hassan, I suggest running a debug flow and verifying if the packets
are allowed/blocked by the FortiGate:
diag debug flow filter clear
diag debug flow filter addr 172.30.1.138 and
diag debug flow filter proto 1
diag debug flow trace start 100
diag ...
I suggest running a debug flow and a packet sniffer to verify if the
traffic is hitting your PBR rule, also make sure to turn off the
offloading at the policy level to see them when you're debugging:
https://community.fortinet.com/t5/FortiGate/Trouble...
Hello Spike, It seems you're checking this log from the Application
Control log view, in which the mac address would not appear. Did you try
to check it from the Forward traffic logs? If you still don't see the
MAC address from the Forward traffic lo...