I've got a wireless issue where an 802.11g client cannot connect to a
radio configured for 802.11n/g/b.If I configure the radio band to
"802.11g" or "802.11g-only" then the client can connect.This has been
the case since FortiOS 7.2.1, and I am still...
I'm trying to backup a FortiClient EMS 6.4.7 server prior to an upgrade.
The back up fails with ..."An error occurred while creating the backup."
There is nothing in the log viewer, and restarting the server or host OS
makes no difference.I have trie...
When configuring FortiAnalyzer idle timeouts, there is an option for
both "Idle Timeout" and "Idle Timeout (GUI)". Anyone know the difference
between these settings?I'm thinking that "Idle Timeout" might be for SSH
sessions. Pete
Having two interfaces in same IP range in same VRF/VDOM will not work
out well for you, and I would strongly recommend investigating the use
of VDOMs. By using VDOMs and "EMAC VLAN" interfaces, you can configure
multiple VDOMs to "share" a single wan...
I saw a trace very similar to this a few days ago when I was setting up
IPsec between two FGT units where one of the ISPs didn't support native
ESP over IP. Try setting "set nattraversal forced" in the
phase1-interface on both sides.
Looks like you have a DNAT policy that is mapping 148.51.230.148 ->
10.2.0.2.There is then no firewall policy to allow that traffic (hence
the "Denied by forward policy check (policy 0)"). Pete
LAN -> WAN, I would expect a ping response from that interface so long
as you have an appropriate firewall policy that allows PING. Use an
internal host to ping the WAN interface with the following on the
FGT:diag debug enable diag debug flow filter ...
Most likely, your IPsec tunnel interfaces do not have IP addresses on
them.When you execute a ping on a FortiGate, FortiOS does a route lookup
for the destination IP to calculate the egress (outgoing) interface.If
you have not specified your source I...
