Technical Tip: FortiGate HA Out-of-sync issue on v...

akanibek · 09-25-2025

Description This article explains the default certificate matching behavior for SSL-VPN and IPsec VPN tunnels on FortiGate. Scope FortiGate v7.0, v7.2, v7.4, v7.6. Solution According to the internal engineering documentation, FortiGate’s certificate ...

akanibek · 07-25-2025

Description This article provides a workaround for the HA Out-of-Sync issue observed on firmware version 7.6.3. The issue can occur in both Active-Active and Active-Passive HA configurations. Scope FortiGate v7.6.3 GA. Solution Zero-day malware strea...

akanibek · 06-23-2025

Description This article provides some workarounds for HTTPSD crashes with ACME enabled. Scope FortiOS 7.6.3. Solution There is a known issue on 7.6.3 GA - ACME can trigger the HTTPSD process to crash. First, verify whether the issue matches the know...

akanibek · 05-26-2025

Description This article describes how to perform long-term packet capture with the output in multiple, separate files instead of capturing traffic into one enormous PCAP file. Scope FortiNAC v9.4.X. Solution Open SSH to a FortiNAC, and execute the c...

akanibek · 04-17-2025

Description This article describes an issue while adding a production domain name to the ‘Allowed Domains’ list. Scope FortiNAC 9.4, FortiNAC-F-7.X. Solution It is possible to receive an error like the one shown below while adding a production domain...

akanibek · 05-05-2024

I would suggest considering placing your FGT before Mikrotik, and adjust your firewall policies on FGT. Then, send all traffic to Mikrotik which could act as default route to your FGT. If you have several segments, and all routes are in the Mikrotik,...

akanibek · 05-05-2024

Dear team, before purchasing, or getting a device from second hand, please ensure that the legacy owner has active email in the support portal, and can transfer his device to you. Meanwhile, be informed from Local Sales Representatives, if you purcha...

akanibek · 05-05-2024

try to sign in to the portal below, where you can find docs related REST API: https://fndn.fortinet.net/

akanibek · 04-26-2024

Have a look also to this documentation, step #2. It should be possible to perform without EMS server as @ozkanaltas said: https://docs.fortinet.com/document/forticlient/7.2.4/administration-guide/445907/configuring-autoconnect-with-username-and-passw...

akanibek · 04-26-2024

Could you make a packet capture with some debugs on FGT enabled, and compare outputs. Which device does terminate connection? Maybe you could see some errors from debugs: 1. packet capture between FGT and DC. 2. debugs: diag de reset diag de app fnba...

User Statistics

User Activity

Technical Tip: FortiGate - SSL VPN and IPsec Dial-up PKI-user certificate matching logic