Does any version of FortiOS support MOBIKE with IKEv2 dialup VPNs (using
the built-in client on Windows 7/8/10)? I am able to successfully
connect but the "status" as reported in Windows always shows a "no" for
MOBIKE support. I have spotted "process...
Does anyone know when (or IF) a new CLI reference manual will be
released for 5.4? I find the current edition (June 2016) to be useless
and, seemingly, a major step backwards from prior releases.
I generally have issues with TFTP across VPN tunnels, depending upon the
interface order. It seems that there's no way to define a source IP for
"exec backup config tftp" in the same way "exec ping-options source"
exists for plain PING. What I've dis...
It's my understanding that wildcards are not supported in FQDN address
objects and this is confirmed by the statement "Wildcards are not
supported in FQDN address objects" (FortiOS Handbook v5.2.3, page 915).
However, a factory reset of v5.2.4 on a 6...
I am having trouble with throughput and the SSL VPN on both Windows and
Mac clients. Latency from the client to the Fortigate is about 30ms with
bandwidth in both directions of at least 10mbps. Starting with the Mac,
I can achieve full expected perfo...
I thought I'd come back to this thread and update at least one detail.
From what I can tell, the issue with comcast cable is with ESP on their
modems, the SMC-based ones. Although I could not find a CPU load
indicator, I noticed that the web GUI was ...
I am interested in this problem as well. I have yet to find a perfect
solution either. Fortigate dial-up tunnels can be assigned IPs from
RADIUS but sadly Windows IAS/NPS is not capable of handing out IP
addresses from a pool. I always find Windows' ...
Thanks for the update, your discovery is very interesting! I don't think
the comcast modems are at fault (at least not totally) because I can
pass protocol 50 faster when the connection is comcast cable to comcast
cable than when it's comcast fiber t...
mkintexas wrote:I am afraid I don't know exactly how to see if ESP is
being wrapped in UDP packets. Is there a diag command or something that
will show that? diagnose sniffer packet wan1 'host 22.214.171.124' Replace wan1
with your actual wan interface. Rep...
mkintexas wrote:Finally are there any other changes that you made to the
comcast modem? Did you do any 1-1 nat'ing? You seem to understand my
setup. And no, I didn't add any 1-to-1 NAT in the cable modem. The cable
modem config is very vanilla. The o...