Fortinet Community

vbandha · 12-03-2023

Description This article describes how to set an Extended Community list match (Above 65535:1) for Route Map. Scope FortiGate v7.0+. Solution When configuring the BGP Community list match in the Route map, the max value it takes is 65535:1. If enteri...

vbandha · 12-03-2023

Description This article describes how to export IPS signatures using Automation stitch whenever there is an IPS signature database update to the email. Scope FortiGate v7.0+. Solution Create Automation Trigger Go to Security Fabric -> Automation. Se...

vbandha · 11-24-2023

Description This article describes how to set up a BGP Community list to match above a value of 65535:1. Scope FortiGate. Solution When configuring the BGP Community list, the max value it accepts is 65535:1. Entering a value above that causes the fo...

vbandha · 10-15-2023

Description This article describes how to stop users from bypassing the FortiAuthenticator agent login option and using default logins. Scope FortiAuthenticator Agent. Solution When the Two-factor authentication using the FortiAuthenticator agent is ...

vbandha · 09-27-2023

Description This article describes the steps to access a DNS Server on the other side of an IPsec Tunnel Scope 7.0+. Solution The DNS traffic on FortiGate is self-originating traffic, meaning it originated from FortiGate itself. See the administratio...

vbandha · 12-03-2023

@julianhaines Not sure what your end objective is here. If you want users to be able to access internet via the vpn tunnel then a full tunnel would be required (Under split tunnel select Disabled option). Split tunnel is used when you want users to a...

vbandha · 12-03-2023

@RandomTechGuy Release the IP for the end device and then run the packet sniffer for DHCP:diag sniffer packet any "port 67 or port 68" 4 0 l Also run wireshark on end device at the same time Check if the DORA process completes on both sides. When For...

vbandha · 12-03-2023

@dclabs Did you configure Tunnel Interface IP? Here is an article for more information: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SD-WAN-performance-SLA-for-IPsec-interface/ta-p/191897 https://community.fortinet.com/t5/FortiGate...

vbandha · 12-02-2023

@DongPham Instead of restarting Fortigate, you can try disabling the tunnel interface and then enabling it back again if issue happens again. Also please check the Dead Peer detection setting on both sides. Make sure it is set to On Idle.

vbandha · 12-02-2023

Hello @mohar You may want to use Proxy inspection mode for your requirement. Here is more information on that:https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/969330/proxy-mode-inspection In proxy mode, fortigate will act as in...

Fortinet Community

User Statistics

User Activity

Technical Tip: Set Extended Community list match (Above 65535:1) for Route Map

Automation stitch to Export IPS Signature database to email whenever there is an IPS Database update

Technical Tip: BGP Community list matching for AS above a value of 65535:1

Technical Tip: Bypass FortiAuthenticator Agent login option and use the default logins

Accessing DNS server on the other side of IP Sec tunnel

Re: Changing the current VPN to allow better Web Filtering

Re: FortiGate and Fortiap with Radius authentication

Re: Ipsec vpn and sdwan performance SLA issu

Re: IPsec site-to-site problem

Re: Inspect All the traffic of clients.

Technical Tip: BGP Community list matching for AS ...

Re: Fortigate internal firewall for a VLAN

Re: IPsec site-to-site problem

Re: remote user access to second vpn site to site

Re: What is fortigate default qos policy?

Re: Purpose of tunnel interface ip when use sd wan

KCS