Hello all We have a FG100E on 6.4.9 which has all its LAN-Ports (16)
configured in a hardware switch.It also offers DHCP for all the devices
that are connected to one of those ports. Is there a way to isolate the
ports, so they don't "crosstalk", but...
Hi all I am somewhat stumped about this issue and I am not sure where to
start looking. Problem:There is an app with automatic checks to the
internet which also automatically repeats dns queries to our internal
dns servers. Those queries come from fi...
Hello all I have an odd issue:I have TWO different cluster of fortigates
(four fortigate 1100E altogether, two active/passive cluster). On each
of those cluster the port 25 and port 26 are aggregated to one
interface.Now it turns out that the MAC add...
Hello all Is it possible to add (external/thirdparty) lists of BotNet IP
addresses in the AMP/AV profile or the IPS sensor? As far as I can see
it is possible to add thirdparty/external AV-Lists, however, I am not
sure if AMP/AV does check IP address...
Dear allI have a VRRP related question which I trying to find some
insights. Setup/Situation:We have TWO Fortigate clusters (each cluster
with two nodes in active/passive HA).Cluster A is the primary cluster
and is supposed to do all the work, all th...
Hello xsilverThanks for your reply. We were able to reproduce the issue
and the unfortunate chain of events really lead to the situation as
pminarik described. After we added the blackhole routes, the issue was
gone. Unfortunately I have no idea why ...
Dear pminarik Thank you very much for your reply, very much
appreciated!This is indeed a secenario I wasn't thinking of. I will need
to investigate whether the routing situation happens when the internet
goes down (routing the DNS queries to the inte...
Thank you AlexC for both links. I was indeed not aware that one can use
external lists in the firewall policy itself as source or
destination.The second link I already was aware of and if I am reading
that article correctly, then an external threat f...
Hello Ede Absolutely - that was certainly my fault for not searching
thoroughly enough. I should have found that article/passage/chapter on
my own and earlier. However, the second question only arose as I changed
the group-id and the change weren't "...
My apologies.It appears that I was impatient. It worked!After changing
the HA group-id (and a reboot, which might not have been necessary) I
got another virtual MAC address for the aggregated interface. Thank you
very much for your help, much appreci...