We have two pairs of 91G's running 7.4.6 at two different locations.
Each has a DMZ with subnet 192.168.100.0/29, and each location has a
route map that allows redistribution of connected routes into OSPF. Site
A is preferred and has route redistribu...
We have a vendor who has 2 servers with 2 NICs configured with teaming.
Port 1 of each server is directly plugged into port 2 of each FortiGate
(also belongs to vendors, and these are 60E's running 7.0.x). We've been
testing failover, and it's been p...
We currently have two sites, Site A and Site B, with identical
destinations defined over separate VPN tunnels. Each site has a separate
SNAT range using different IP addresses, so they know which
location/route to send traffic back to. Both of our fi...
We are using a Gate running 7.4.7 as a RA IPSec VPN for our clients, and
the FortiClient is version 7.4.3.1790. One of the servers has a GPO that
enforces encryption between the various clients and a server, and this
traffic is never placed in the tu...
We are in the process of moving our VPN users to IPSec RA VPN, but we
need to use SAML SSO. This requires some port to be opened up, so we're
using tcp/9443 like the documentation. The reason we're moving away from
SSL VPN is because of the large num...
Thanks for your time on this, BillH. I lost my last response when I
accidentally pressed the wrong key. In a nutshell, we put a switch in
between the servers and FortiGates (the ports for the servers were all
put into a single software switch on both...
Sorry for the delay, but I've been out of town and not paying attention
to electronics. The important piece of info is that the firewall needs
to do a DNAT on the ingress (inside) interface. Traffic destined to
192.168.3.55 on the inside firewall int...