Re: Session "helper=sip" and "helper=20" and state...

nweckel · 04-25-2025

Description This article describes the FortiGate configuration block Amazon Prime Video. Scope FortiGate. Solution The following sample configuration goal is to block access to Amazon Prime videos but allow access to the Amazon website. Application C...

nweckel · 03-20-2025

Description This article describes an issue regarding packet loss on traffic after setting the traffic shaper on FortiGate 9xG and 12xG. Scope FortiGate-9xG and 12xG. Solution When the traffic shaping policy is enabled, packet loss is observed in the...

nweckel · 02-21-2025

Description This article describes how to prevent ESP error logs from being sent to FortiAnalyzer. Scope FortiGate v7.2.4 or more recent with FortiAnalyzer Logging. Solution From FortiOS v7.2.4, the ESP packet handling process has the detection of un...

nweckel · 01-21-2025

Description This article describes a change of behavior in version 7.2.6 and more recent version where the FortiGate interface does not respond to Ping even if Ping is allowed in interface configuration. Scope FortiGate version 7.2.6 and more recent ...

nweckel · 11-26-2024

Description This article describes the difference in SIP inspection configuration and behavior between FortiOS 7.0 and 7.2.5. Scope FortiOS 7.2.5 or more recent. Solution SIP ALG stands for Session Initiation Protocol Application Layer Gateway. It is...

nweckel · 05-26-2025

Hello @papapuff , please refer to this Technical Tip: Redundant IPSEC Tunnel using single WAN connection with a configuration sample with active/backup IPsec tunnels for a similar topology as yours. For phase 2 configuration, please remember that the...

nweckel · 05-15-2025

Hello @tuan2tech You can also check in Security Events logs for WebFilter, Application control, SSL... depending on which UTM profiles you have configured in firewall policy LAN to WAN.

nweckel · 10-01-2024

Hello @Sadhi_Jayz , If you hover the cursor over the application signature, it will provide you further information and will mention if SSL deep inspection is required. You can also refer to Fortiguard website for more info regarding the application ...

nweckel · 09-19-2024

Hello @Rsena Did you try with "diagnose traffictest client-intf x1" instead of "diagnose traffictest client-intf portx1"?

nweckel · 07-18-2024

Hello Alex,"inherit_sockport" means that the session is inheriting the source port from the original connection. Do you have "preserve source port" (or fixedport) configured?

User Statistics

User Activity

Technical Tip: How to block Amazon Prime Video

Troubleshooting Tip: Packet loss after applying traffic shaper on FortiGate-9xG and 12xG

Technical Tip: Exclude error log 'Received ESP packet with unknown SPI' to be sent to FortiAnalyzer

Technical Tip: FortiGate interface does not respond to Ping after upgrade to version 7.2.6+

Technical Tip: SIP traffic issue after upgrade from 7.0.x to 7.2.5+ or 7.4.0+

Re: Create 2 Tunnel from 1 device

Re: Why is Fortinet blocking SSL connections to iCloud-related domains?

Re: Moving from Palo Alto App ID to Fortinet Application Filtering

Re: iperf3 and using x1 port