Using the search bar to search for an IP address at the top of the
firewall policy screen in FOS 7.4+ always includes as a result any rule
containing the "all" object. How do I turn this behavior off? While it's
logical, for me it's uninteresting (un...
Can someone give a quick overview (or point me to docs please) of how
FPX matches explicit proxy traffic it gets _in detail_? From what I
understand so far* Policy looks at ACE of type explicit proxy and tries
to match (interfaces,src,dst,schedule,se...
I see this has been added in 7.4, which is a good thing, but it is
somehow very
limited.(https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/266506/ssl-vpn-with-certificate-authentication)UPDATE:
correct link is:
https://docs.fort...
Do I have to include the delimiters!? I.e. do I have to
write/fortinet/orfortinetWhat if I'm matching a path?Do I
write/fortinet\.com\/blub/or can I change the delimiter which makes it
more readable?|fortinet\.com/blub|or is it already escaping on it...
I am having a hard time figuring out how exactly a decision is taken
when multiple UTM profiles and multiple rules are in play. But let's
have a simple example: I have a HTTP request that goes into category
"Information Technology".However it is bein...
Ok thanks for getting back, much appreciated.Well for me it is an
issue.I can search by object instead, which will not include "all", but
which also will not include any group or subnet the object is a member
of. So it's not even more complicated to ...
Sure but the problem is sending the info to radiusconfig user radius
edit set account-key-processing {same | strip} set
account-key-cert-field {othername | rfc822name | dnsname} <----- not
many options next endAlso it requires adding a local user......
That works well unless you want to use a captive portal to authenticate
the connection to the virtual server. In this case it will present the
portal using HTTP and not HTTPS which is not good.
I didn't even realize there was another DB besides Webfilter and
Appcontrol, namely "internet services".... :flushed_face:Thanks for all
the valuable information so far. UPDATE Oh that's because they are not
shown on the quick edit pane. You have to ...
