Description This article describes why the device does not reflect as an
HA cluster being selected in the automation stitch on the security
fabric root. Scope FortiGate. Solution When trying to add the current HA
cluster in the FortiGate(s) of the au...
Description This article describes why Cisco SCCP phones repeatedly
reboot every 8-10 minutes when a FortiGate times out the TCP session on
port 2000, causing subsequent keep-alive packets to be dropped. Scope
FortiGate. Solution Consider the followi...
Description This article describes how to troubleshoot and resolve the
Let's Encrypt certificate renewal error. Specifically, it addresses the
issue: 'Domain authorization for vpn.example.com failed. CA considers
answer to challenge invalid'. Scope F...
Description This article describes an issue where an automation stitch
configured to trigger an alert email during a device reboot fails to
send the email during the actual reboot process. Scope FortiGate v7.4.8
Solution During test triggers, the ema...
Description This article describes how to use NULL encryption on a
FortiGate to intentionally bypass ESP decryption during controlled
diagnostic testing. Scope FortiGate. Solution In some cases, such as
troubleshooting packet loss or performance issu...
Topology 1:Azure-VM --- S2S --- On-Prem Topology 2:Phy-FGT --- S2S ---
On-Prem Topology 3:Azure-VM --- S2S --- On-Prem --- S2S --- Phy-FGT Is
this your topology? If yes, you can just update the routing table and
point the destination to the correct o...
What's the FOS version? Run below debugs and attach the output. dia
debug resetdia debug application sslvpn -1dia debug application samld
-1dia debug enable
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Companion-for-troubleshooting...
If you delete the services, you can't reference it under policy and
objects but the services will still be active. Use local-in policy to
block services.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671
Hello, What's the FortiClient version? At what percent the connection
stop? Enable FCT debug and check the reason for failure. Refer to the
link below on how to enable debug log in FortiClient.
https://community.fortinet.com/t5/FortiClient/Technical-...
What's your topology? Run a sniffer and check the source mac of the
incoming traffic and make sure it's the same as blocked mac. Sniffer:
dia sniffer pack any "host x.x.x.x" 6 0 a
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-...
