So, I'd put in a support ticket for this against the 6.4.x firmware
because it definitely behaves like there's a bug where VIPs are being
applied to everything and were likely ignoring the src-filters, and just
got back around to poking at it on the newer...
Scope: At least all Fortinet-101F units running 6.4.11, and I have no
doubt it applies to basically any unit capable of running a DHCP server
or relay (and didn't notice any mention of it being fixed in newer
versions).
Severity: CVSS < 1 (Let's not g...
Product: Fortimanager-VM64
Version: v7.0.4 build0306
So, this is just super fun. Upgrading a Fortigate from 6.4.x to 7.x
requires using a 7.x ADOM, but once you do that, if you have any VIP
range definitions, they break and you can no longer push policy...
Just to illustrate... pulling the routes from the console with the VPN
up, this is what shows up... (some addresses have been changed to protect
the guilty)
Fortigate # get router info routing-table details 71.b.c.d
Routing table for VRF=0
Routing entry...
I've noticed this as well. It's definitely incorrect and makes me worry
a bit what might happen should someone connect from behind another
Fortigate that has a VPN tunnel already, so I'm pretty interested in
finding out if there's a solution for this...
Let me make this absolutely crystal clear. Go away. Your gaslighting is
not needed. I have figured the problem out. Breaking down complex
problems into successively smaller pieces and then testing and analyzing
those pieces until I have identified an...
More or less. It's something that really commonly throws people, but
VLAN 1 is not actually tagged. Once you're doing VLANs typically the
most sensible thing to do is start making all the ports on your switch
bind to a specific VLAN and only allow 1 ...