Technical Tip: How to access Webproxy via the ZTNA...

msolanki · 11-19-2024

Description This article describes how to fix an issue where the DLP fingerprint does not block sensitive files by correctly configuring sensitivity in the DLP fingerprint database. Scope FortiGate. Solution DLP fingerprinting can be configured to de...

msolanki · 10-14-2024

Description This article describes how to configure and mark IPsec ESP traffic Differentiated Services Code Point. Scope FortiGate. Solution IPSec Encapsulating Security Payload(ESP) traffic can be prioritized through the Differentiated Services Code...

msolanki · 09-26-2024

Description This article describes if a downstream device in the Security Fabric does not establish the connection due to a certificate issue. Scope FortiGate. Solution Sometimes, especially in FortiGate-VM environments including the public cloud aft...

msolanki · 08-29-2024

Description This article describes how to view the usage of per-core CPU. Scope FortiGate 7.0 and above. Solution If hardware has multiple CPU cores then usage of each core can be viewed via GUI dashboard. On the top left corner go to Dashboard -> St...

msolanki · 07-05-2024

Description This article describes the implementation of QKD for site-to-site IPSec VPN. Scope FortiOS 7.4.2. Solution Quantum Key Distribution(QKD) can be used in FortiGate IPsec configuration to manage the key between two endpoint tunnels via Key M...

msolanki · 12-10-2024

please tried to disable Anti-replay of phase-2 and check the RDP server setting too. KB in sslvpn case but check setting for RDP server https://community.fortinet.com/t5/FortiGate/Technical-Tip-Windows-RDP-connection-dropped/ta-p/197443?externalID=FD...

msolanki · 11-21-2024

Hi Reshan, Yes its supported now also ...if its not work then you can raise tac case to check it further

msolanki · 11-21-2024

Hello, There is no specific MTU setting for Azure and if you are facing performance issues the it could some other reason to including if any DOS policy and performance issue But for MTU you can try to change the MTU size in interface and test it and...

msolanki · 10-14-2024

Hi Umesh, You can run the command mention and in about it generally shows "allowed by and policy ID number which indicates the traffic passing through which policy. regarding command diagnose debug console timestamp enable -it enables the time stamp ...

msolanki · 09-26-2024

Hi Mortin, ZTAN or full ZTNA you can use Access proxy or TCP forward proxy which also use certificate-based Authentication were you might not even required to connect via ipsec and enable the tagging. https://docs.fortinet.com/document/fortigate/7.6....

User Statistics

User Activity

Technical Tip: How to troubleshoot database sensitivity in DLP fingerprint not blocking

Technical Tip: How to change or disable the DSCP marking for ESP traffic

Technical Tip: Security Fabric downstream device connection cannot be established due to Certificate CN mismatch

Technical Tip: How to check per core CPU usage via GUI CPU dashboard

Technical Tip: How to configure QKD (Quantum Key Distribution) for site to site IPsec key management

Re: VPN Connection Europe to Brasil

Re: FortiGate DDNS

Re: Best MTU Config for IPSec to Azure

Re: Debug command for understanding

Re: Forticlient EMS

Technical Tip: How to access Webproxy via the ZTNA...

Re: Debug command for understanding

Re: Fortinet ZTNA Proxy - FortiManager

Re: SSL VPN STUCK AT 98%

Re: FortiGuard Servers Down

Re: Fortigate on SD-WAN

Re: 3rd party DDNS configuration on 7.2.1

KCS