Description This article describes the steps to access a DNS Server on
the other side of an IPsec Tunnel Scope 7.0+. Solution The DNS traffic
on FortiGate is self-originating traffic, meaning it originated from
FortiGate itself. See the administratio...
Description This article describes the case when finding the SD-WAN rule
and member that is used in a particular session on FortiGate. Scope
FortiGate. Solution To find the SD-WAN rule that is used in a particular
session, it is better to apply a fil...
Description This article describes troubleshooting steps if getting
Duplicate IP message or IP conflict log. Scope 7.0+. Solution If getting
a Windows event notification that there is an IP conflict and the Mac
address of that is matching with FortiG...
Description This article describes why Phase 2 rekeying can be visible
before the timer is set in Phase 2 settings on FortiGate. Scope
FortiGate v7.0+. Solution When an IPSec tunnel is created between
FortiGate and Cisco ASA, they have different Phas...
Description This article is a resource list for FortiGate IPSec VPN
Configuration and Troubleshooting. Scope FortiGate v7.0+. Solution
Configuration: Title Description Basic site-to-site VPN with pre-shared
key Configuration for Site-to-Site IP Sec T...
Can you check the debug on the other side to see if they are seeing a
different error message. Some vendors require local-id to be set. Here
is an article with more information on that:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-...
You can also use mac address check to make sure only approved devices
are allowed to connect to ssl vpn.Here is more information on how to
configure
that:https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connectio...
Hello @nellermann , Here is a guide for some hardening measures for SSL
VPN:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-secure-and-limiting-SSL-VPN-unknown-user/ta-p/224096
One of the things you can implement is to add geo block ...
Hello @unknown1020 You can monitor the status of Fortiguard DNS
here:http://status.fortimonitor.forticloud.com/fortiguardsdns If you are
experiencing latency on Fortiguard DNS, choose 'Specify' in DNS settings
and enter Public DNS.Make sure you choos...
Hello @JohnKuhn Make sure the action is set to monitor, instead of allow
in webfilter for the category. You can also create a new custom category
and assign the website to that.Technical Tip: Web rating override does
not work a... - Fortinet Communit...