Troubleshooting TIp: IPsec issues encountered with...

princes · 09-05-2025

Description This article describes different methods used for DNS probe in SD-WAN performance SLA. Scope FortiGate. Solution When the DNS is selected as the protocol for the performance SLA, the working is different from the Ping protocol. Considerin...

princes · 09-05-2025

Description This article describes why session counts are not exactly the same as CLI session list output and GUI FortiView. Scope FortiGate. Solution During an active session verification on FortiGate, both the GUI FortiView and the CLI session list...

princes · 09-04-2025

Description This article explains the reason for authentication failure, even if the test connectivity for the LDAP user is successful. Scope FortiGate v7.4.4 and above. Solution In case the LDAP user test credential shows successful, but user authen...

princes · 08-11-2025

Description This article discusses FortiGate web filter with local category override and default FortiGuard category verdict check. Scope FortiGate. Solution FortiGate used to fetch the category check verdict for any URL from FortiGuard servers. In c...

princes · 08-08-2025

Description This article describes how a DNS filter works and the options available to apply a DNS filter profile. It can be used with a firewall policy as well as from a DNS server recursive interface. Scope All FortiOS. Solution FortiGate can only ...

princes · 09-18-2025

Hi Jet06, Kindly share us the non working IKE debug while connecting to VPN. Are you able to connect to the VPN but unable to access internal service or VPN itself not connecting.

princes · 09-18-2025

Hello HS08, It might be the interface index selected instead of tunnel interface. Kindly check the below for reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-tracert-traceroute-behavior-over-IPsec-VPN-tunnel/ta-p/192200 Regards, P...

princes · 09-18-2025

Hi, Kindly run a packet sniffer for SNMP server IP and see what is the source IP selected from FortiGate. If the devices are in HA and the destination is not reachable through management interface you might need to disable ha-direct . This will ensur...

princes · 08-06-2025

HI, For Dialup IPSEC you need to use below option under phase1 settings: config vpn ipsec phase1-interface edit "Dialup_IPsec" ipv4-split-include "subnet" ------->define your split range and use that address object here. So the traffic which matched ...

princes · 08-06-2025

Hi, Also verify if the server accepts the connection only from a specific outgoing interface IP. This could create problem with another outgoing interface IP if SNAT is performed and new interface Ip is not whitelisted on destination. Thank you. Rega...

User Statistics

User Activity

Technical Tip: Different methods explained for DNS probe used in SD-WAN performance SLA

Technical Tip: Different session counts under GUI FortiView and CLI output

Technical Tip: LDAP Test Connectivity successful but user authentication fails for SSL VPN

Technical Tip: Web rating override and category control in FortiGate web filtering

Technical Tip: FortiGate DNS filter not working as expected

Re: Ikev2 ipsec remote access not working on fortios v7.4.4

Re: VPN Site to Site

Re: SNMP error after FortiGate 7.2.11 to 7.4.8 upgrade

Re: IPSEC split tunnel

Re: The policy does not work on FortiGate

Troubleshooting TIp: IPsec issues encountered with...

Technical Tip: LDAP Authentication with MAC addres...

Technical Tip: Securing a captive portal enabled i...

Technical Tip: Unable to resolve local FQDNs on Fo...

Technical Tip: IPsec phase-2 selectors deleted aut...

Re: VPN Site to Site

KCS

User Statistics

User Activity

You are leaving our website