Hello, we have a DMZ vdom, however we still have many legacy incoming
public VIP rules that point to our 'non-DMZ' LAN vdom.Is this considered
bad security practice?These public facing VIP rules are quite strict
with ports allowed, but I just feel th...
Hello we have a BGP WAN connection with two interfaces - primary and
secondary. We use weighting and prepending on these to prioritise the
primary interface over the secondary. See below config. We have just
tried to advertise a statically configured...
Hello we have found that when downloading images from Reuters that the
speed is very slow. As soon as we disable Deep Packet Inspection the
speed returns to normal.I can understand how DPI would block
communication but I don't understand how it could...
Hello I currently do not use application control on Internet bound
outgoing traffic but I do block outbound port 22 (SSH).However, I dont
think this will protect me if someone from within my LAN starts up an
SSH reverse shell to the Internet using a ...
Hello, I am designing a new VDOM topology. I don't think I need
addressed VDOM links as I am just passing traffic to and fro. Just
wondering if any of you would recommend addressed VDOM links over
non-addressed for any particular reasons that I may b...
I think I have found the answer. It appears that standard route-maps
used for BGP AS prepending do not work with default routes i.e.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45618 Please let
me know if anyone thinks otherwise.A real tr...
I dont want to use a default route, because we have some LAN subnets
that are not advertised via BGP, therefore, I still need that default
route to point to our WAN circuit.Yes, nice idea about creating there
policy routes. That is what I was after. ...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.