Re: Fortigate - Dont allow Traffic between Network...

FranFisc1 · 05-21-2025

Hello,trying to convert a FTD policy to Fortigate using FC 7.2.0.Some ACLs contain multiple source interfaces.The converted policy imho seems to miss source interfaces.This happens with FTD ACLs having multiple source interfaces as well.example: acce...

FranFisc1 · 07-29-2024

Hi, I find the OBM feature on FortiExtender very very useful.https://docs.fortinet.com/document/fortiextender/7.4.4/admin-guide-standalone/957071/obm-management Is similar functionality in FortiOS on Fortigate available as well ? How to use it ?If no...

FranFisc1 · 01-29-2024

Hello FortiGuys, here is a recommendation from Microsoft, how to do this technically: Blocking adult content with SafeSearch or blocking Chat Chat: --- If you want to guarantee Chat is turned off for all users on your network, in your router or proxy...

FranFisc1 · 03-21-2023

Hi,we want to identify windows endpoints as corp. managed workstations with a somehow fair confidence,but without rolling out certificates or Agents, nor involving WinRM or other dependencies to AD.Of course we discussed and we are aware that those D...

FranFisc1 · 05-27-2025

Hello Martin,you seem to have all 3 IP Layer 3 networks in the same layer 2 domain.With that setup, you cannot control direct communication between 2 devices on the layer 2.The solution is to configure Virtual LANs on the switch and the firewall. (VL...

FranFisc1 · 05-27-2025

Hello,thanks for the answer and the link.We had already reviewed the FC docs and pulled the LINA Config from the FTD system for conversion.Meanwhile I have been in contact with Fortinet Engineers and it turned out as an FC issue.The issue manifests i...

FranFisc1 · 02-10-2025

Sorry... this is not correct.This "Tag" im the RADIUS Standard Tunnel attributeshas nothing to do with the Vendor Specific Attributes for Cisco "Scalable Group Tags" (former: Security Group Tags)Basically, a RADIUS server may respond with multiple "t...

FranFisc1 · 02-10-2025

Hi,well..801.X or MAC authentication both happen before the client is assigned an address through DHCP.DHCP can not start before the port ist authenticated by MAB or Dot1X.This is why even Cisco-Switches cannot send AVP Framed-IP-Address with the RAD...

FranFisc1 · 07-30-2024

Thanks for your reply. Unfortunately, "Out-of-band management with reserved management interfaces" on the Fortigates only has some similarity in the name,but this is is something completely different than the FEX OBM feature.on FEX, OBM means:You can...

User Statistics

User Activity

FortiConverter Cisco FTD Conversion - src / dst Interfaces missing in firewall policies

OBM supported on FortiGate ?

Prevent usage of Microsoft bing chat

FortiNAC DHCP Fingerprinting: How to match on DHCP User Class ?