Description This article explains how to resolve common invalid
certificate errors encountered during SSL VPN user authentication using
SAML. Error: 'NET:ERR_CERT_COMMON_NAME_INVALID'. Scope FortiGate.
Solution When using the SAML authentication for ...
Description This article describes how to force traffic through only one
SD-WAN member and drop if that interface is down/unavailable. In this
example, there are two WAN interfaces (port1 and port2), and Netflix
traffic is sent only through port2 and...
Description This article describes that FortiGate does not respond to
ARP messages sent by the end devices and cannot access GUI. Scope
FortiGate. Solution When trying to access FortiGate GUI, the connection
times out. On FortiGate, there are only in...
Description This article discusses the 'discard Logon' message that can
be found when checking Fortinet Single Sign-On (FSSO) logs on the DC
Agent. Note: This article assumes that logging is already enabled on the
DC Agent(s). Refer to the following ...
Description This article describes how to assign an IP using DHCP option
82 on FortiGate with a Cisco Switch. Topology: Scope FortiGate. Solution
Step 1: Enable DHCP Option 82 on the Switch: Enable DHCP Snooping
Globally: Switch# configure terminal S...
Topology 1:Azure-VM --- S2S --- On-Prem Topology 2:Phy-FGT --- S2S ---
On-Prem Topology 3:Azure-VM --- S2S --- On-Prem --- S2S --- Phy-FGT Is
this your topology? If yes, you can just update the routing table and
point the destination to the correct o...
What's the FOS version? Run below debugs and attach the output. dia
debug resetdia debug application sslvpn -1dia debug application samld
-1dia debug enable
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Companion-for-troubleshooting...
If you delete the services, you can't reference it under policy and
objects but the services will still be active. Use local-in policy to
block services.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671
Hello, What's the FortiClient version? At what percent the connection
stop? Enable FCT debug and check the reason for failure. Refer to the
link below on how to enable debug log in FortiClient.
https://community.fortinet.com/t5/FortiClient/Technical-...
What's your topology? Run a sniffer and check the source mac of the
incoming traffic and make sure it's the same as blocked mac. Sniffer:
dia sniffer pack any "host x.x.x.x" 6 0 a
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-...