Fortinet Community

vbandha · 09-27-2023

Description This article describes the steps to access a DNS Server on the other side of an IPsec Tunnel Scope 7.0+. Solution The DNS traffic on FortiGate is self-originating traffic, meaning it originated from FortiGate itself. See the administratio...

vbandha · 09-27-2023

Description This article describes the case when finding the SD-WAN rule and member that is used in a particular session on FortiGate. Scope FortiGate. Solution To find the SD-WAN rule that is used in a particular session, it is better to apply a fil...

vbandha · 09-26-2023

Description This article describes troubleshooting steps if getting Duplicate IP message or IP conflict log. Scope 7.0+. Solution If getting a Windows event notification that there is an IP conflict and the Mac address of that is matching with FortiG...

vbandha · 09-25-2023

Description This article describes why Phase 2 rekeying can be visible before the timer is set in Phase 2 settings on FortiGate. Scope FortiGate v7.0+. Solution When an IPSec tunnel is created between FortiGate and Cisco ASA, they have different Phas...

vbandha · 09-24-2023

Description This article is a resource list for FortiGate IPSec VPN Configuration and Troubleshooting. Scope FortiGate v7.0+. Solution Configuration: Title Description Basic site-to-site VPN with pre-shared key Configuration for Site-to-Site IP Sec T...

vbandha · 09-24-2023

Can you check the debug on the other side to see if they are seeing a different error message. Some vendors require local-id to be set. Here is an article with more information on that: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-...

vbandha · 09-23-2023

You can also use mac address check to make sure only approved devices are allowed to connect to ssl vpn.Here is more information on how to configure that:https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connectio...

vbandha · 09-17-2023

Hello @nellermann , Here is a guide for some hardening measures for SSL VPN:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-secure-and-limiting-SSL-VPN-unknown-user/ta-p/224096 One of the things you can implement is to add geo block ...

vbandha · 09-16-2023

Hello @unknown1020 You can monitor the status of Fortiguard DNS here:http://status.fortimonitor.forticloud.com/fortiguardsdns If you are experiencing latency on Fortiguard DNS, choose 'Specify' in DNS settings and enter Public DNS.Make sure you choos...

vbandha · 09-16-2023

Hello @JohnKuhn Make sure the action is set to monitor, instead of allow in webfilter for the category. You can also create a new custom category and assign the website to that.Technical Tip: Web rating override does not work a... - Fortinet Communit...

Fortinet Community

User Statistics

User Activity

Accessing DNS server on the other side of IP Sec tunnel

Technical Tip: How to find the SD-WAN rule and SD-WAN member used for a particular session

Troubleshooting Tip: Duplicate IP or IP conflict caused by FortiGate

Technical Tip: IPSec tunnel between FortiGate and Cisco ASA has Phase 2 rekeying before the timer set in Phase 2 settings

Technical Tip: FortiGate IPSec VPN resource list

Re: IPSec VPN won't come up

Re: SSL VPN Device Auth?

Re: Blocking Low and Slow botnet authentication attacks against exposed SSL VPN portal.

Re: web page access problems

Re: Help — new website blocked

Re: What is fortigate default qos policy?

Re: Purpose of tunnel interface ip when use sd wan

KCS