Dear all We have a Fortigate VM in Azure (6.4.10) which is supposed to
have about six (6) IPSec tunnels to ZScaler.The reason for that many
tunnels: Each tunnel is supposed to only offer 400 Mbit/s (we tested 1
Gbit/s, but its still not enough). This...
Hello all Our clients have a phone software installed which needs
internet connection.There are several firewall policies in place to
allow said phone software to connect to several internet places. The
producer of the phone software needs us to allo...
Hello everyone Likely a stupid question:I have (at the moment two) VMs
in Azure and I would like to re-deploy them - can I re-use the licenses?
Of course I am deleting the VMs beforehand, I am not sing the licenses
several times - I am just not sure ...
Hello all We have a fortigate vm cluster in Azure which we like to split
up into two standalone vm's.Reason: Some restrictions in cluster config
that can be solved using standalone vms. I have managment connection via
port4 and a dedicated IP (in the...
Hello all We have a FG100E on 6.4.9 which has all its LAN-Ports (16)
configured in a hardware switch.It also offers DHCP for all the devices
that are connected to one of those ports. Is there a way to isolate the
ports, so they don't "crosstalk", but...
Good day Adrian Thank you SO much for your reply.I didn't add the
underlay (internet connection) as SDWAN zone. I first tried to just add
the IPsec tunnels to a SD-WAN Zone and gave them (in the SD-WAN-Zone as
members) a fake/dummy IP address. And th...
Thank you very much for the information about the ISDB, much
appreciated.As for the client - we will investigate some more. The web
based application uses several wildcard domains and those are working
(meaning: they are getting populated with IP add...
Hello gfleming The clients (laptops - no phones per se) use an internal
DNS server.Those internal DNS servers are reachable over a VPN that is
established on the branch fortigate. The reason why I think some of the
DNS requests get "hidden" of sorts ...
Hello abarushka My apologies:I was refereing to the "out of band
Management" IP addresses which are (partially) configured in "system
ha". Those are not mentioned in the documentation when you are having a
single box (those are only mentioned in the ...