Allow me to outline for you a nightmare scenario... You're using BGP for
routing, with a wholly separate netblock for those links. You have a few
(let's say 6-7) AD servers doing LDAP authentication across the company
VPN, and you'd like to actually l...

So, I'd put in a support ticket for this against the 6.4.x firmware
because it definitely behaves like there's a bug where VIPs are being applied
to everything and were likely ignoring the src-filters, and just got
back around to poking at it on the newer...

Scope: At least all Fortinet-101F units running 6.4.11, and I have no
doubt it applies to basically any unit capable of running a DHCP server
or relay (and didn't notice any mention of it being fixed in newer
versions).
Severity: CVSS < 1 (Let's not g...

Product: Fortimanager-VM64
Version: v7.0.4 build0306
So, this is just
super fun. Upgrading a Fortigate from 6.4.x to 7.x requires using a 7.x
ADOM, but once you do that if you have any VIP range definitions, they
break and you can no longer push policy...

Oh you can have an identical route to more than one tunnel, but which
one gets it will be anyone's guess. With iBGP it will be clear in the
routing table that the longer path isn't the one you want, and if/when a
link goes down its route will be auto...

What you're asking about is not only doable but is also a good idea,
although you will probably need to set up iBGP to take full advantage of
it. iBGP will make it so that when your primary IPsec tunnel is down, so
long as a route to the same destinat...

At first blush it looks like this is yet another case of the Fortinet
maybe not picking the appropriate origin interface. Assuming you have a
private network address assigned to an "internal" interface of your FTG,
fix this by adding "set interface p...

Just ran into this issue myself, with a side order of it actually being
caused by the Fortimanager deciding it doesn't believe in the existence
of any malware threat feeds after an update (7.2.4->7.2.5), so it tries
to delete the malware feeds out of...

Just to illustrate... pulling the routes from the console with the VPN
up, this is what shows up... (some addresses have been changed to protect
the guilty)
Fortigate # get router info routing-table details 71.b.c.d
Routing table for VRF=0
Routing entry...