Troubleshooting Tip: IPS engine manual update fail...

mriswan · 01-30-2025

Description This article explains how web browsing traffic flows for IPv6-only hosts when using NAT64 and DNS64. Scope FortiGate. Solution The example below demonstrates a basic IPv6 LAN setup with a DNS64 server. How it works: The user's device send...

mriswan · 12-26-2024

Description This article describes why the extended 'evaluation' license information does not automatically reflect on VM firewalls, despite having proper FortiGuard connectivity. Scope FortiGate-VM firewalls with 'evaluation license'. Solution An ev...

mriswan · 12-23-2024

Description This article describes the order of processing UTM profiles configured in firewall policies. Scope FortiGate. Solution FortiGate applies the inspection profiles in the following order: IPS. Application Control. VoIP. DLP. Antispam. Web Fi...

mriswan · 12-23-2024

Description This article describes how to troubleshoot traffic matched to the Implicit Deny policy not logged despite Policy Logging enabled. Scope FortiProxy. Solution It is expected to see below WAD debug if the traffic matches the implicit deny: [...

mriswan · 10-28-2024

Description This article describes the logs and debugs to be collected for device detection issues. Scope FortiGate. Solution Below are the logs and outputs to collect for device detection issues, such as when device details are incorrectly identifie...

mriswan · 09-03-2024

Hello @boneyard , Sorry my bad. The commands I shared are for FGCP. Are you seeing the sync session counts incrementing on the get system ha status output?https://community.fortinet.com/t5/FortiGate/Technical-Tip-FGSP-Configuration-Guide-for-Session-...

mriswan · 08-29-2024

Hello @boneyard , Have you tried the below debugs? diag debug enablediag debug console timestamp enablediag debug application hasync -1diag debug application hatalk -1Also, check when was the last time hasync happened using the command "get system ha...

mriswan · 08-28-2024

Hello @Shane-NP ,Could you please provide the output of the below command to suggest your next steps:diag sniffer packet any "host 10.0.100.200 and 10.0.30.2 and icmp" 4 0 aAlso, replace it with a working IP and get the output of the above command to...

mriswan · 08-28-2024

Good day!Could you explain why exactly you are exporting 'fortinet_ca_ssl' from the firewall? I don't think we can export built-in CA certificate with keys.

mriswan · 08-28-2024

Could you please provide more info about the tunnel or tunnels? And how frequently the tunnel is flapping. diagnose vpn ike gateway list name diagnose vpn tunnel list name

User Statistics

User Activity

Technical Tip: NAT64- Web Browsing Flow for IPv6 Hosts Using DNS64 server

Technical Tip: Extended 'Evaluation' License details of VM Firewalls not reflecting automatically

Technical Tip: Processing Order of UTM Profiles in FortiGate Firewall Policies

Troubleshooting Tip : How to troubleshoot traffic matched to the Implicit Deny policy not logged despite Policy Logging enabled

Troubleshooting Tip: Log collection for Device detection issues

Re: diagnose debug application sessionsync level

Re: diagnose debug application sessionsync level

Re: Policy Ignored - Inter VLAN Routing

Re: Export CA Root Certificate with private key

Re: site-to-site VPN tunnels, which are going up and down after upgrading from version 6.4.15 to 7.2

Troubleshooting Tip: IPS engine manual update fail...

Re: diagnose debug application sessionsync level

Re: diagnose debug application sessionsync level

Troubleshooting Tip: Log collection for Device det...

Troubleshooting Tip: How to analyze SIP packet cap...

KCS

User Statistics

User Activity

You are leaving our website