Hi all. I'm needing to route traffic for certain IP addresses to another
router on the same subnet, which tunnels traffic off to an external
provider. I can use a static route on the FortiGate and this works no
problem. I can't however do this using ...
Hi all I have been told that FortiOS comes in different branches. Am I
correct in saying that branch 5.6.x is an ‘Innovation’ release and 5.4.x
is the recommended release? I have been trying to find anywhere where
FortiNet states this. If this is the...
Hi all I am supporting a school with a FortiGate which has been working
really well for blocking access to undesirable content. There have been
issues lately where students have been finding questionable content on
Google and Bing by searching for im...
I have a client with a website behind a FortiGate 60D. I have IPS
enabled in the inbound HTTP VIP and get alerted any time an external
attack is detected. The last four days there is been an increasing
number of HTTP.URI.SQL.Injection attempts. I cam...
Hello I have a client who have had their PABX hacked and need to block
all SIP traffic except to their VoIP provider. I installed a small
FortiGate 30E for them and set up an inbound VIP rule specifying only
the VoIP provider's IP address as the sour...
OK so I've worked this out. I needed to have a VLAN to VLAN policy even
though it's the same VLAN.edit 141 set name "Client VLAN to Client VLAN"
set srcintf "Client VLAN" set dstintf "Client VLAN" set srcaddr "all"
set dstaddr "all" set action accept...
Hi Bart. I checked the routing monitor again and confirmed you are
correct. If I enable the policy route, the routing monitor shows it as
the chosen route. My ping tests fail when the policy route is enable
though. If I disable the policy route, the ...
When the static route isn't there (it was only put in when the policy
route didn't work) the default route is used. I deleted the static route
and tested this with the Routing Monitor and it shows that the default
route is the one it's using.
Hi Hillel Thanks for replying to this. Those Facebook groups look
worthwhile. Interesting what you say about series C/D using 5.4.5 and
series E using 5.6.2. A few months back I upgraded a 300D from 5.4.x to
5.6.x (can't remember the exact versions) ...
Thanks Karim That makes a lot of sense. I've done some testing and can
see that safe search only works with deep packet inspection enabled. We
don't use DPI due to the large amount of BYOD devices in the school. I
have come up with another plan that ...
