I have a site to site VPN between an on-prem FortiGate 500E and a
vFortiGate in Azure.Due to the distance between the FortiGates
geographically, I’m trying out Forward Error Correction (FEC) ingress
and egress on both FortiGates to see if it can impr...
Hello We are using FortiClient EMS to manged + 7.000 FortiClient, only
using the VPN function.The EMS server uses our Microsoft Active
Directory to pull in devices and their location in the AD.Currently we
are assigning policies to devices based on t...
HiWe often use FQDN address object to allow traffic from LAN site to
external resources.But how about an external resource as an FQDN
(multiple dynamic public address covered, as it is a cloud service).Does
it work, if we create a policy, with a VIP ...
Hi Fortinet community. I'm running a vm FortiManager v7.0.3I'm been
struggling with scheduled firmware upgrade of our full-stack fortient
setup (FortiGate + FortiSwitch + FortiAP)The issue start, when we have
sites where either one or more units may ...
Hi Fortinet communityI’m currious to hear if anyone has experience or
would share their journey towards SD-WAN / SD-WAN zones from a running
production FortiGate. I’m managing serveral firewall, all currently
build with “normal” interface added to zo...
Looks like Firmware upgrading the Azure vFortiGate from 6.4.9 => 7.0.12
has solved the issue with the ESP erros. At least I don't see them
anymore after the upgrade.Root cause remains unresolved on 6.4.9 though.
@KumarV Indeed, you are right.However these errors started after I
enabled FEC. They did not appear before.Also based on the nature of FEC,
that uses transmitted packages I makes sense why anti-replay would react
on ESP packages with a sequence numbe...
Hi BonThank you and sorry for my late reply. I did raise a TAC tricket
and we identified issues with our SQL DB.I am deploying a fresh EMS
server and SQL DB, and will migrate licens and users to the new server
as a solution.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.