Hello, I have seen some Fortigates with 802.3ad Aggregate interfaces
that contain multiple VLAN, L3 interfaces.This is confusing me, as I
assumed that 802.3ad Aggregate interfaces were essentially bonded trunks
(that would not contain multiple L3 int...
Hello, we have a DMZ vdom, however we still have many legacy incoming
public VIP rules that point to our 'non-DMZ' LAN vdom.Is this considered
bad security practice?These public facing VIP rules are quite strict
with ports allowed, but I just feel th...
Hello we have a BGP WAN connection with two interfaces - primary and
secondary. We use weighting and prepending on these to prioritise the
primary interface over the secondary. See below config. We have just
tried to advertise a statically configured...
Hello we have found that when downloading images from Reuters that the
speed is very slow. As soon as we disable Deep Packet Inspection the
speed returns to normal.I can understand how DPI would block
communication but I don't understand how it could...
Hello I currently do not use application control on Internet bound
outgoing traffic but I do block outbound port 22 (SSH).However, I dont
think this will protect me if someone from within my LAN starts up an
SSH reverse shell to the Internet using a ...
I think I have found the answer. It appears that standard route-maps
used for BGP AS prepending do not work with default routes i.e.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45618 Please let
me know if anyone thinks otherwise.A real tr...
I dont want to use a default route, because we have some LAN subnets
that are not advertised via BGP, therefore, I still need that default
route to point to our WAN circuit.Yes, nice idea about creating there
policy routes. That is what I was after. ...
Hello, I am wanting a way to route all non-private address destinations
to a particular port without using a 0.0.0.0 default route.Are there any
options ?
