Troubleshooting Tip: Stop the captive portal trigg...

Patterson · 03-02-2025

Description This article describes how to find the cause for traffic getting dropped with the error 'policy-4294967295 is not active'. Scope FortiGate. Solution When traffic is dropped due to a forward policy check fail, collect the flow debug. The i...

Patterson · 01-27-2025

Description This article describes how to enable assigning Threat levels for blocked categories. Scope FortiSASE. Solution It is possible to see an informational notification on Web-filter FortiGuard as mentioned below for the blocked category. It ha...

Patterson · 10-08-2024

Description This article describes how to validate the on-fabric rule match status on endpoint using the Forticlient Diagnostic Tool. Scope FortiSASE. Solution Once the configuration is completed according to the following admin guide for on-fabric d...

Patterson · 08-26-2024

Description This article describes how to troubleshoot FortiClient (FCT) management connection issues with FortiSASE. Scope FortiSASE, EMS. Solution EMS is one of the backend components in FortiSASE, and FortiClient uses a telemetry connection for ma...

Patterson · 08-18-2024

Description This article describes how to perform an SSL VPN debug specific to a Point of Presence (PoP) in FortiSASE. Scope FortiSASE. Solution In FortiSASE, customer access to backend devices is limited, which restricts advanced troubleshooting cap...

Patterson · 07-29-2023

Hi @yeowkm99 Based on the update, I understand that from Firewall Lan IP as a source your not able to ping other network. Also when you mentioned that from Lan to Lan reachability is fine, Was this validated from both direction? Is Nat enabled on the...

Patterson · 07-18-2023

@Akmostafa , Can you confirm if your have the FGT added to FAZ(which is having IOC license). Also check if the blocked user source is getting listed for the below command. diag user quarantine list or diag user banned-ip list

Patterson · 07-16-2023

Hi @joshow , I missed the part of cert error mentioned. As checked the CN/SNI in SSL certificate we not get matched even with deep-inspection. Suggesting to use Web-filter along with DNS-filter. Regards, Patterson

Patterson · 07-16-2023

Hi @joshow , I understand that your looking for a replacement message if the DNS filter is blocking the access based on your configuration. Since this is a DNS query initiated, FGT can't responds back with http responds. Instead we have the option to...

Patterson · 01-05-2023

Hi Vassilis, I think we got the issue !!! Please change the Action execution from Parallel to Sequential. The issue was occurring for me also, when set to parallel... Regards, Patterson

User Statistics

User Activity

Troubleshooting Tip: Traffic denied by forward policy check, iPrope check logs show 'not active'

Technical Tip: Unassigned Threat Level for Blocked Category

Technical Tip: Validating On-Fabric Rule Match Status on Endpoints Using the FortiClient Diagnostic Tool

Technical Tip: How to troubleshoot FortiClient (FCT) management connection issue with FortiSASE

Technical Tip: How to perform an SSL VPN debug on a specific Point of Presence (PoP) in FortiSASE

Re: FG100F LAN interface traffic

Re: Denied traffic on non utm non implicit policy

Re: DNS Filtering

Re: DNS Filtering

Re: %%result%% is not working in Body of Email

Troubleshooting Tip: Stop the captive portal trigg...

Technical Tip: How to Troubleshoot 'No ARP Reply f...

Technical Tip: How to troubleshoot FortiClient (FC...

Technical Tip: How to perform an SSL VPN debug on ...

Technical Tip: How to restore Image via URL/HTTP

Re: %%result%% is not working in Body of Email

KCS

User Statistics

User Activity

You are leaving our website