Troubleshooting TIp: IPsec issues encountered with...

princes · 01-11-2026

Description This article describes the reason why test connectivity fails on FortiGate with error -19, despite logs being sent to FortiAnalyzer. Scope FortiGate. Solution This issue will be triggered if the test connection fails due to an MTU issue f...

princes · 01-09-2026

Description This article explains a quick way to identify if the TLS connection is failing due to a larger server hello packet size. Scope FortiGate, FortiGate-VM. Solution In the case that the TLS handshake fails, and the forward logs are shown as s...

princes · 01-07-2026

Description This article describes how to check the TCP half-open/close sessions on FortiGate. Scope FortiGate. Solution In some situations, it is necessary to verify an incomplete TCP handshake. For example, a SYN packet may be sent, but no SYN-ACK ...

princes · 12-16-2025

Description This article describes how to configure and connect an external Threat block List to FortiGate without installing any third party web server application. Scope FortiGate. Solution In scenarios where no web server installation is possible,...

princes · 12-08-2025

Description This article explains how to generate a server certificate from FortiGate; the same certificate can be used for SSL VPN client or to secure web mode access. Scope FortiGate. Solution To remove a non-secure warning from SSL VPN web mode in...

princes · 01-09-2026

Hi, If you need both tunnels to be up at the same time and want to choose a specific one to route the traffic then you might use route map to prioritize a specific OSPF route. In case you need to do a load balance and both of the IPSEC tunnels should...

princes · 12-09-2025

Hi AlexFerenX, Kindly check the CPU usage for the device and verify if any particular core is going HIGH, if yes then it might cause similar issue. Refer below article for more detail: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-H...

princes · 11-03-2025

Hi Zenhusen, Take the firewall CLI access through putty , configure a free port with IP address and enable DHCP services . Enable https on that interface, once configured connect a PC directly to that port and check if you get an IP through DHCP. Onc...

princes · 11-03-2025

Hi HT_JDC, It is difficult to tell the exact number since it is dependent on multiple factors like the medium and the scheme chosen. Thank you.

princes · 11-03-2025

Dear HT_JDC, The FEC is not measured by number of bytes, it is the ratio which measures the overhead which is dependent on the base payload. It may result in overall Bandwidth increase by the applied ratio. Best Regards,

User Statistics

User Activity

Technical Tip: Logs are visible on FortiAnalyzer despite the test connectivity error on FortiGate

Troubleshooting Tip: TLS Server Hello packet failed to pass through

Technical Tip: How to check TCP half close and half open session on FortiGate CLI

Technical Tip: Connecting external Threat Feed server to FortiGate without installing a web server application in Windows

Technical Tip: Remove Certificate POP-UP message while connecting to SSL VPN

Re: Configure IPSec with SD-WAN and Interaction with OSPF

Re: "port_ha" drop count is increasing, ha1 and ha2 drop show 0 - why?

Re: cant connect to firewall web UI timeout issue

Re: IPsec Forward Error Correction

Re: IPsec Forward Error Correction

Troubleshooting TIp: IPsec issues encountered with...

Technical Tip: LDAP Authentication with MAC addres...

Technical Tip: Securing a captive portal enabled i...

Technical Tip: Unable to resolve local FQDNs on Fo...

Technical Tip: IPsec phase-2 selectors deleted aut...

Re: VPN Site to Site

KCS

User Statistics

User Activity

You are leaving our website