Troubleshooting Tip: Stop the captive portal trigg...

Patterson · 10-28-2025

Description This article describes how to use Failover sequence feature to get connected to a different PoP for the IPsec Instance. Scope FortiSASE. Solution In general, PoP selection is done based on eDNS/DNS lookup; however, there can be scenarios ...

Patterson · 10-16-2025

Description This article describes how to find firmware for an AWS instance from the support portal. Scope FortiAuthenticator-AWS. Solution While downloading firmware for an AWS instance from the support portal under Downloads/Firmware Images, the fi...

Patterson · 09-17-2025

Description This article describes the likely outcome of TLS version difference post-enabling FIPS-CC mode for GUI access. Scope FortiOS v7.2, v7.0. Solution By default, FortiGate supports tlsv1-1, tlsv1-2, tlsv1-3 for GUI access. Once enabling FIPS-...

Patterson · 03-02-2025

Description This article describes how to find the cause for traffic getting dropped with the error 'policy-4294967295 is not active'. Scope FortiGate. Solution When traffic is dropped due to a forward policy check fail, collect the flow debug. The i...

Patterson · 01-27-2025

Description This article describes how to enable assigning Threat levels for blocked categories. Scope FortiSASE. Solution It is possible to see an informational notification on Web-filter FortiGuard as mentioned below for the blocked category. It ha...

Patterson · 07-29-2023

Hi @yeowkm99 Based on the update, I understand that from Firewall Lan IP as a source your not able to ping other network. Also when you mentioned that from Lan to Lan reachability is fine, Was this validated from both direction? Is Nat enabled on the...

Patterson · 07-18-2023

@Akmostafa , Can you confirm if your have the FGT added to FAZ(which is having IOC license). Also check if the blocked user source is getting listed for the below command. diag user quarantine list or diag user banned-ip list

Patterson · 07-16-2023

Hi @joshow , I missed the part of cert error mentioned. As checked the CN/SNI in SSL certificate we not get matched even with deep-inspection. Suggesting to use Web-filter along with DNS-filter. Regards, Patterson

Patterson · 07-16-2023

Hi @joshow , I understand that your looking for a replacement message if the DNS filter is blocking the access based on your configuration. Since this is a DNS query initiated, FGT can't responds back with http responds. Instead we have the option to...

Patterson · 01-05-2023

Hi Vassilis, I think we got the issue !!! Please change the Action execution from Parallel to Sequential. The issue was occurring for me also, when set to parallel... Regards, Patterson

User Statistics

User Activity

Technical Tip: How to use Failover sequence feature to get connected to a different PoP for IPsec Instance

Troubleshooting Tip: How to find FortiAuthenticator firmware for AWS instance in support portal

Troubleshooting Tip: TLS Version difference post enabling FIPS-CC mode for GUI access

Troubleshooting Tip: Traffic denied by forward policy check, iPrope check logs show 'not active'

Technical Tip: Unassigned Threat Level for Blocked Category

Re: FG100F LAN interface traffic

Re: Denied traffic on non utm non implicit policy

Re: DNS Filtering

Re: DNS Filtering

Re: %%result%% is not working in Body of Email

Troubleshooting Tip: Stop the captive portal trigg...

Technical Tip: How to Troubleshoot 'No ARP Reply f...

Technical Tip: How to troubleshoot FortiClient (FC...

Technical Tip: How to perform an SSL VPN debug on ...

Technical Tip: How to restore Image via URL/HTTP

Re: %%result%% is not working in Body of Email

KCS

User Statistics

User Activity

You are leaving our website