I have a working remote access VPN that I created using the VPN iOS
wizard on the Fortigate 60E version 6.4. I am trying to add IPv6
support. The Fortinet is behind a dual-stack Comcast Business connection
and has a working IPv6 prefix delegation set...
The 60E device is configured to use an internal SMTP server. The server
has IP address 192.168.220.2 is running Postfix on Linux. The Fortigate
is 192.168.220.1. Here is the output of "config system email-server":
config system email-server set reply...
I am getting hammered by a particular IP address on the WAN interface
trying to brute force IPsec VPN (UDP port 500). How do I block traffic
inbound to the device itself? I tried adding an IPv4 policy item with
source & destination interface of "WAN1...
I have a 60E that has a public network using the "internal" switch
(192.168.168.1/25), and a VLAN 20 (192.168.222.1/27). I have enabled
IPv6 prefix delegation, and both networks are getting a /64 from the /59
that my ISP gives me. The clients on the ...
So, 4 years later, no replies. I still don't know how to request more
than 1 IPv6 prefix on the WAN interface..... is this something multiple
VDOMs could accomplish? I get it, no one uses IPv6 in the "real world",
but still would be nice to know.
Tomas, have you found a solution? I have read elsewhere that Forticlient
7 is broken and to use 6.4, but I cannot find where to download that.
For now I gave up on Forticlient and just used the built-in Macos VPN
client, which works fine for IPsec us...
Here is the debug output during a failure: Arrived msg(type 9, 129
bytes):MYEMAILADDR;Fortigate 1176 Config ChangedFGT[SERIALNUMBER]
Automation Stitch:alert-conf-change is triggered.testmail_info:
from:MAIL_SERVER_IP user:noreplymail_info: reverse
pa...
Here is the config with the requested changes: MYFORTINET # show system
automation-action config system automation-action edit
"alert-conf-change_email" set action-type email set email-to
"MYEMAILADDRESS" set email-from "MYEMAILADDRESS" set email-sub...
Wow. According to that post, there is currently not a way to block
inbound UDP port 500 or 4500 on an IP basis. This is something Cisco has
no problem doing......