Technical Tip: Usage of ‘auto-discovery-crossover’...

GeorgeZhong · 12-14-2025

Description This article describes an issue where a '/' character in the SAML object name on a FortiGate prevents the device from generating the SAML metadata XML file. As a result, the SAML portal cannot be opened during SSL-VPN or IPsec SAML authen...

GeorgeZhong · 11-24-2025

Description This article describes the meaning of the different 'registered protocols' in the output of 'get router info bfd neighbor detail'. This helps to understand that the BFD neighborship is established based on which protocol. Scope FortiGate,...

GeorgeZhong · 10-16-2025

Description This article describes a known issue in FortiAuthenticator where the RADIUS Client configuration cannot be retrieved through a REST API call when using an admin account with a custom admin profile. Scope FortiAuthenticator v6.6.5 and earl...

GeorgeZhong · 09-25-2025

Description This article explains how FortiAuthenticator forwards the SAML username to Azure Entra ID when operating as an IdP proxy. It also highlights a common issue that may be encountered, and what to consider when configuring the remote SAML ser...

GeorgeZhong · 08-07-2025

Description This article describes the 'HA out of sync' issue that occurs after importing an ACME certificate from Let's Encrypt and how to resolve it. Scope FortiGate HA, ACME certificate. Solution The Automated Certificate Management Environment (A...

GeorgeZhong · 10-08-2025

Hi @yeowkm99 , There is no compatibility issue between different versions of FortiGate with the IPsec. So, we can either upgrade them at same time or different time. But please be aware of the compatibility of other devices such as FortiManager, Fort...

GeorgeZhong · 10-08-2025

Hi @Liza1 , The only option is to perform factory reset and reload the firmware image and configuration. This is for the security purpose. Please follow below instructions to format and reload the firmware image: https://community.fortinet.com/t5/For...

GeorgeZhong · 10-08-2025

Hi @genisi , The encryption algorithm of different FortiGate model is different, which means we cannot copy the encrypted password string between them. In this case, if we choose to manually copy the configuration, we need to redo all passwords on ne...

GeorgeZhong · 09-30-2025

Hi @gorapr , The branch should determine what type of traffic should be forwarded to the Hub by routing or policy routing. The IPsec split tunneling normally only applies to the Dialup IPsec connection initiated from the FortiClient . Regards, George

GeorgeZhong · 09-30-2025

Hi @sirma504 , To achieve this requirement, we may need to refer couple of documents. There may not be a single document that fully explain each detail step. Firstly, regarding to the 4 site-to-site IPsec tunnels and BGP routing, we can follow below ...

User Statistics

User Activity

Technical Tip: SAML portal failed to be opened due to '/' contained in the SAML name on FortiGate

Technical Tip: Clarification of 'Registered protocols' under BFD neighbor detail

Technical Tip: unable to use REST API to access RADIUS clients configuration with custom admin profile

Technical Tip: How FortiAuthenticator Forwards the SAML Username to Azure Entra ID When Acting as an IdP Proxy

Troubleshooting Tip: How to fix an HA out of sync issue after importing an ACME certificate from Let's Encrypt

Re: Upgrading to FortiOS 7.4.8

Re: Unable to Access or Restore Super Admin Privileges on FortiGate

Re: Copy config from a different model Fortigate : Local username/passwords?

Re: Advice for IPSec

Re: FortiGate SDWAN with BGP HUB-HUB

Technical Tip: Usage of ‘auto-discovery-crossover’...

Re: SSL VPN Doesn't work after firmware update 7.2...

Re: Time-based administrator login access

Technical Tip: How ICMP-redirect works in FortiGat...

Re: Upgrading to FortiOS 7.4.8

Re: Time-based administrator login access

KCS

User Statistics

User Activity

You are leaving our website