Technical Tip: BGP Community list matching for AS ...

vbandha · 04-07-2024

Description This article describes the Micro SD card feature on the FortiGate FGR-70F series. Scope FortiGate 70F. Solution The FortiGateRugged 70F series added Micro SD support as a storage media solution of local disk logging. The maximum card size...

vbandha · 04-01-2024

Description This article describes how to fix if the Ookla speed test is not running on devices behind FortiGate. Scope FortiGate v7.0+. Solution If the speed test by Ookla is running on site https://www.speedtest.net/ and just says 'connecting', it ...

vbandha · 04-01-2024

Description This article describes how to troubleshoot if the DHCP clients are going to a different DNS server than the one configured in the System DNS of FortiGate. Scope FortiGate v7.0+ Solution Check if there is a specific DNS server configured i...

vbandha · 03-31-2024

Description This article describes how to delete an IPSec tunnel created under the SD-WAN zone. Scope FortiGate v7.0+. Solution When deleting all the references from the IP Sec tunnel, one reference for the SD-WAN interface is left that has the delet...

vbandha · 03-31-2024

Description This article describes the issue where the SSL VPN is not working on a loopback interface in an SD-WAN environment. Scope FortiGate 7.0+ Solution If SSL VPN is set up on a different loopback interface for multiple WAN interfaces in an SD-...

vbandha · 02-04-2024

Hello @heyyo Here is a nice guide for resolving HA cluster out of sync. https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-HA-synchronization-issue/ta-p/193422 You can check which configuration objects are out of sync...

vbandha · 01-21-2024

Hello @unknown1020 Also check Dead Peer Detection setting on both sides. Make sure it is set to 'On Demand' https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-IPsec-VPN/ta-p/192616 Regards, Varun

vbandha · 01-13-2024

Hi @siayred Can you run this command to confirm if packet seen on fortigate is coming from same subnet : diag sniffer packet any "host and host " 4 0 l The other side may be SNAT the traffic

vbandha · 01-13-2024

Hello @KMontgomery , Please check if the Phase 1 and Phase 2 timers are matching on both sides of the tunnel. You can also try recreating the tunnel to see if that helps with issue. Can you also share the rekey error that you see? Also did you perfor...

vbandha · 01-05-2024

@mbenitez Just to add one clarification, Fortigate will block traffic originating from outside (WAN) to LAN unless you specifically create a Firewall Policy to allow it. However if the traffic is initiated from LAN-> WAN, the reply to the traffic fro...

User Statistics

User Activity

Technical Tip: Micro SD card support on the FGR-70F series

Technical Tip: The Ookla speed test is not running on devices behind FortiGate

Technical Tip: DHCP clients going to wrong DNS server

Technical Tip: IPSec tunnel under SD-WAN zone not deleting

Technical Tip: SSL VPN is not working on loopback interface in SD-WAN

Re: HA Checksum Recalculate - What happens?

Re: Tunnel IPSEC in FortiGate

Re: Access to VLANs via IPSEC VPN

Re: Phase 2 issues - traffic stops but no errors logged

Re: How to block specific application

Technical Tip: BGP Community list matching for AS ...

Technical Tip: Add FortiGate Interface to a Hardwa...

Re: FortiGate and Fortiap with Radius authenticat...

Re: IKEv2 IPsec FortiGate - pfSense

Re: Fortigate internal firewall for a VLAN

Re: IPsec site-to-site problem

Re: remote user access to second vpn site to site

Re: What is fortigate default qos policy?

Re: Purpose of tunnel interface ip when use sd wan

KCS