Fortinet Community

scheuri · 02-24-2022

Hello all I have an odd issue:I have TWO different cluster of fortigates (four fortigate 1100E altogether, two active/passive cluster). On each of those cluster the port 25 and port 26 are aggregated to one interface.Now it turns out that the MAC add...

scheuri · 02-23-2022

Hello all Is it possible to add (external/thirdparty) lists of BotNet IP addresses in the AMP/AV profile or the IPS sensor? As far as I can see it is possible to add thirdparty/external AV-Lists, however, I am not sure if AMP/AV does check IP address...

scheuri · 02-16-2022

Dear allI have a VRRP related question which I trying to find some insights. Setup/Situation:We have TWO Fortigate clusters (each cluster with two nodes in active/passive HA).Cluster A is the primary cluster and is supposed to do all the work, all th...

scheuri · 12-10-2021

Dear communityI likely have a very specific issue that might be completly "normal", I just want to make sure I have my bases covered... Situation:We have two clusters (four fortigates in total) in two different data centers (dc 1 and dc 2). About a d...

scheuri · 12-08-2021

Dear community My question is:Does a VRRP-IP (the "gateway") generally answer to ping/icmp requests (or not)? We have four fortigates in two datacenters (in each datacenter is an active/passive cluster). On each of those clusters are the same vlans c...

scheuri · 02-27-2022

Thank you AlexC for both links. I was indeed not aware that one can use external lists in the firewall policy itself as source or destination.The second link I already was aware of and if I am reading that article correctly, then an external threat f...

scheuri · 02-24-2022

Hello Ede Absolutely - that was certainly my fault for not searching thoroughly enough. I should have found that article/passage/chapter on my own and earlier. However, the second question only arose as I changed the group-id and the change weren't "...

scheuri · 02-24-2022

My apologies.It appears that I was impatient. It worked!After changing the HA group-id (and a reboot, which might not have been necessary) I got another virtual MAC address for the aggregated interface. Thank you very much for your help, much appreci...

scheuri · 02-24-2022

Hello akristofThank you very much for your reply, much appreciated. This means that changing the HA group-id in one cluster should change the (virtual) MAC addresses. Is a reboot required? Or restart of services?I am unsure as I don't see any indicat...

scheuri · 02-17-2022

Thank you Toshi for your reply. I will try and do some more tests (with flow and sniffs to check the exact pattern).I do agree with you somewhat. I am just not sure yet how I can wrap my head around the fact that the icmp packets actually hit the int...

Fortinet Community

User Statistics

User Activity

Same MAC for aggregated interface on two different cluster?

External BotNet Lists in AMP Profil or IPS Sensor?

VRRP - how does the "backup" answer?

Async routing with specific fg cluster access and VRRP

VRRP-IP and icmp or ping reponses

Re: External BotNet Lists in AMP Profil or IPS Sensor?

Re: Same MAC for aggregated interface on two different cluster?

Re: Same MAC for aggregated interface on two different cluster?

Re: Same MAC for aggregated interface on two different cluster?

Re: VRRP - how does the "backup" answer?

Re: External BotNet Lists in AMP Profil or IPS Sen...

Re: Same MAC for aggregated interface on two diffe...

Re: USB Console

News & Articles

Security Research

Company

Contact Us