Troubleshooting TIp: IPsec issues encountered with...

princes · 05-09-2025

Description This article describes how to trigger an automation stitch with CLI commands when an BGP event is triggered. Scope All supported versions of FortiOS. Solution Create an automation stitch under Security Fabric -> Automation, as explained i...

princes · 04-10-2025

Description This article provides a basic overview of use cases and traffic flow in policy-based and route-based tunnels. Scope FortiGate. Solution In some scenarios, there is a requirement to configure policy-based IPSEC VPNs. If the remote device c...

princes · 03-10-2025

Description This article describes the challenges of integrating a FortiGate into an IBM Q-RADAR SIEM solution. Scope FortiGate. Solution The integration of FortiGate or Forti Analyzer to the IBM SIEM solution might not work as expected. The configur...

princes · 03-05-2025

Description This article describes the challenges in tunnel failover if a remote vendor is a non FortiGate. Scope FortiGate. Solution In cases with multiple IPsec tunnels for failover purposes, FortiGate has multiple options to perform failover. Use ...

princes · 02-21-2025

Description This article describes the issue when the explicit proxy is not listening even after configuring it under proxy settings. Scope FortiProxy. Solution While configuring the explicit proxy feature in the FortiProxy device, the interface is n...

princes · 01-16-2024

Hello, Seems you are moving to the new product, we do have the feature you mentioned. The difference is we call it as central NAT , it is up to you how you want to utilize it. If you operate in central NAT mode you can have all your NAT rules in one ...

princes · 01-16-2024

Hello , I think you want to block geolocation address while allowing it for a particular location or source range. You can achieve this by simply using local in policy. By default the action is to deny for these policies. So you have to follow the be...

princes · 01-16-2024

Hello, As we understood you have already working Vlan subnets which needs to be modified . Best way is to create Vlan but do not assign IP for the moment (put unused dummy ip). However as you mentioned you already have static addresses on Printer and...

princes · 12-06-2023

Hi , It depends on you, if your downstream switches have multiple Vlans configured and you just have a reverse route pointed towards the SW on Fortigate,,,in this case you can simply create a rule with your physical interfaces. And if you have vlans ...

princes · 12-06-2023

Hi, It is expected only if you use SDWAN. However for your VIP (DNAT) configuration you can map your dedicated interfaces . Your wan interfaces would be listening to the incoming requests from outside. Yu can also mention it as 0.0.0.0 as external on...

User Statistics

User Activity

Technical Tip: Trigger CLI script through an automation stitch for BGP event logs

Technical Tip: IPSEC traffic flow and use cases with policy-based vs route based-tunnels

Technical Tip: Unable to integrate FortiGate with IBM Q-RADAR SIEM solution

Troubleshooting Tip: IPsec tunnel failover issues with different vendor devices

Technical Tip: FortiProxy is not responding to explicit proxy traffic over listening interface

Re: Incoming NAT

Re: Geo location ip blocking for particular server

Re: Network Segmentation - VLAN Plan

Re: Getting SubInterfaces To Go to Internet

Re: WAN Interface not shown in Firewall Policy

Troubleshooting TIp: IPsec issues encountered with...

Technical Tip: LDAP Authentication with MAC addres...

Technical Tip: Securing a captive portal enabled i...

Technical Tip: Unable to resolve local FQDNs on Fo...

Technical Tip: IPsec phase-2 selectors deleted aut...

KCS

User Statistics

User Activity

You are leaving our website