Description This article describes the method to create and implement a
security profile group inside the policy. Scope FortiGate. Solution
Depending upon the mode of operation of the firewall whether it is
operating on Profile-based NGFW which is al...
Description This article describes methods to choose SIP-ALG and Session
Helper. Scope SIP ALG/Session Helper. Solution By default, FortiGate is
using SIP ALG to process SIP traffic however some SIP providers
recommend disabling SIP ALG in the firewa...
Description This article describes the additional steps required to
replace the AS-PATH for any received BGP prefix for redistribution to
another BGP peer. As a general practice, BGP provides the capability of
using AS-OVERRIDE in situations where th...
Description This article describes the situation where there is a need
to delete MGCP and H323 protocols under session helper. Scope SIP is the
most widely used signaling protocol when it comes to VOIP traffic,
however there are a few other protocols...
Description This article describes the situation where there is a need
to customize the DSCP configuration at FortiGate. Scope Solution Many
times there is a situation where the IPSEC tunnel is stable and
routing/policy is also correctly configured b...
Hello, If you do not want to use any external VPN client, you can try to
use the inbuilt VPN with MS windows. Please refer to the below link and
see if this helps you.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/232068/pptp-and-l2tp
h...
Hello, As a best practice to use Explicit proxy, one should set the
explicit web proxy and explicit FTP proxy Default Firewall Policy Action
to Deny. This means that a firewall policy is required to use these
explicit proxies, allowing to control acc...
FortiGate Differentiated Services feature can be used to change the DSCP
(Differentiated Services Code Point) value for all packets accepted by a
policy. The network can use these DSCP values to classify, mark, shape,
and police traffic, and perform ...
Hello, SSL inspection feature comes by default and there is no separate
license to activate SSL inspection. However, if somebody wants to do an
SSL inspection for any data traffic but does not have any UTM
profiles(license required) attached to that ...
Hello, Not sure of the resolved issue section of the release note as to
why it is not mentioned there but Yes, this issue is confirmed resolved
in FortiOS 6.4.9. Thanks Atul