Technical Tip: Web filter is not blocking websites...

ezhupa · 11-17-2025

Description This article describes how to fix issues with GRE passthrough traffic matching implicit deny for return traffic in 90G devices. Scope FortiGate. Solution After upgrading from the v7.2 branch to v7.4.8, there might be issues with GRE passt...

ezhupa · 10-27-2025

Description This article describes how to resolve issues with the Printer.Job.Language traffic is categorized as 'unknown' and blocked by APPCTRL. Scope FortiGate, FortiOS. Solution When having Application Control (APPCTRL) security profile enabled o...

ezhupa · 09-12-2025

Description This article describes issues with the Graceful Restart feature when used with neighbor groups defined with the neighbor-range command. Scope FortiGate, FortiOS. Solution In some cases, when administrators need to configure multiple BGP n...

ezhupa · 08-21-2025

Description This article describes how to automate bouncing IPsec interfaces using an automation stitch. Scope FortiGate. Solution In cases where it is needed to bounce an IPsec tunnel at a specific time during the day or week, automation stitches ca...

ezhupa · 07-24-2025

Description This article describes the traffic traversing via a non-preferred SD-WAN member due to incoming traffic. Scope FortiGate. Solution SD-WAN is a strategy to perform intelligent routing on FortiGate. When there are multiple WAN links availab...

ezhupa · 11-19-2025

Hello, Did you try blocking the Instagram Signature in the APPCTRL application override?If you block the signature itself, the APP should be blocked by the application control profile.Just make sure the traffic is matching the correct firewall policy...

ezhupa · 11-19-2025

I assume this is the same question that you asked in this other topic:https://community.fortinet.com/t5/Support-Forum/Traffic-arrives-at-Virtual-Server-but-seems-to-just-blackhole/m-p/419659#M279517As mentioned there, try disabling arp-reply for the ...

ezhupa · 11-19-2025

Hello,Can you share screenshots of your webfilter configuration and what other categories are blocked?IF you share also forward logs from your fortigate, on the details part there is a lot of usefult information that can indicate what exactly it is b...

ezhupa · 11-19-2025

Hello, Usually the first packets will always go through the HUB, after that when shortcuts are negotiated, the traffic should flow through the shortcut tunnels, so spoke-to-spoke directly.Actual generated traffic only can trigger the shortcut negotia...

ezhupa · 11-19-2025

Hello,Please try to disable arp-reply on the VIP/VS settings:https://community.fortinet.com/t5/FortiGate/Technical-Tip-ARP-reply-setting-in-Virtual-IP-IP-Pool/ta-p/192527From your debug flow:find a route: flag=80000000 gw-0.0.0.0 via rootThis output ...

User Statistics

User Activity

Technical Tip: GRE passthrough traffic matching implicit deny for return traffic after upgrade to v7.4.8

Technical Tip: APP Control Randomly fails to identify Printer.Job.Language traffic

Technical Tip: BGP Graceful Restart with neighbor groups defined with neighbor-range command not working

Technical Tip: Using automatic stitches to bounce IPsec interfaces

Technical Tip: SD-WAN bandwidth graph showing traffic on non-preferred member

Re: Block Instagram app

Re: Traffic arrives at Virtual Server but seems to just blackhole

Re: Unblock certain game

Re: sdwan shortcut traceroute

Re: Traffic arrives at Virtual Server but seems to just blackhole

Technical Tip: Web filter is not blocking websites...

Technical Tip: SSL VPN on PPPoE issues after upgra...

Technical Tip: HA issues after upgrade to v7.2.9 f...

Technical Tip: Dial-up IPsec flapping issues after...

Troubleshooting Tip: VDSL issues on FortiGate 80F-...

Re: Redundant dial-up VPN FG to FG

Re: Ha sync config delay

Re: DNS Virtual Server load balancing to real serv...

Re: Direction incoming vs outgoing in logs (Fortig...

Re: Route vpn ipsec comes from port mgmt

KCS

User Statistics

User Activity

You are leaving our website