Description: This article describes a MAC address issue that can affect a
VPN tunnel after cutover, preventing the tunnel from establishing until
the local ISP router is rebooted. Scope: Hardware migration of an
existing firewall acting as a VPN gatewa...
Description: This article demonstrates an uncommon ISP issue that can
affect a previously working IPsec tunnel, preventing the tunnel from
passing traffic until a manual workaround is applied. Scope: VPN gateways
not using NAT traversal, especially sit...
Description: This article demonstrates how to configure a dial-up IPsec
VPN using IKEv2 and Multi-Factor Authentication (MFA) with Duo
authentication proxy. Scope: FortiOS v6.2.4 and later, dial-up IKEv2 VPN.
Solution: This article refers to non-SSO aut...
Description: This article provides an overview of guides and resources
for User and Multi-Factor authentication in FortiOS IKEv2 Dialup IPsec
VPN. Scope: FortiOS v7 and later. Solution: Determine the User source and
required MFA method(s) and refer to t...
Description: This article demonstrates an example configuration allowing
Active Directory users to connect to FortiGate IKEv2 VPN with FortiToken
hosted on FortiAuthenticator. Scope: FortiGate, FortiAuthenticator,
FortiClient, FortiToken, IKEv2. Soluti...
Seconded, open a TAC case. Even if it turns out to be a known issue,
tunnel issues are unlikely to be identified from a forum post unless
they are extremely common. There are just too many different possible HA
and VPN configurations, and too many po...
Qualys added and updated some signatures in November 2025, see QID
530600 in their bulletin here
https://notifications.qualys.com/product/2025/11/28/application-security-detections-published-in-november-2025.
SSLVPN/Agentless VPN on all current Fort...
Thank you, this appears to match known issue 1205084. It's scheduled
for fix in FCT v7.4.5.
https://docs.fortinet.com/document/forticlient/7.4.4/windows-release-notes/573433/new-known-issues. "Re-importing
the certificate" is the listed workaround fo...
If it works for SSL VPN, this suggests FortiClient itself has the
required permissions to access the cert. For IPsec, ensure
is enabled for the VPN connection profile. It is
disabled by
default. https://docs.fortinet.com/document/forticlient/7.4.4/xm...
Thread is old, but to avoid the use of fnsysctl (which loses permissions
to read /etc/upd.dat in later firmware versions), use "diagnose test
update info" to retrieve the FortiCare account FortiGate believes it is
registered to. diagnose test update i...