Re: FortiGate - VLAN Want To Create a Lockdown Pol...

Immu · 03-18-2024

Hi, I have a problem with FortiOS and ansible.I am not able to connect with ansible to FortiOS via SSH.I don't have any problems with httpapi, but it's not that simple to enter just "regular commands"... e.g. "execute ping x.x.x.x" or "get system sta...

Immu · 05-22-2023

Hi, I have a problem with firmware upgrades of a FGT-Cluster.A part of the configuration gets lost after upgrading the firmware of the cluster.I don't even know the steps/update path of the last time.But this time the upgrade was from 7.2.3 to 7.2.4....

Immu · 05-15-2023

Hi, I have an issue with use of VRFs.I configured the FGT like descriped in the following instruction: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/752950 The FGT has two IPsec tunnels, one for primary and one as backup.All...

Immu · 05-02-2023

Hi community, I have a problem regarding authentication via TACACS+ on FGT units (FGT40F).I have two WAN interfaces, but their're no members of a SD-WAN. If the primary interface goes down, the login via TACACS+ is not possible anymore.Also I configu...

Immu · 01-16-2024

Hi, don't have the exact same scenario... I don't use a LDAP-Server for that.All users are configured as local users and MFA via mail works fine. Can you try your setup with a local user instead of a LDAP user?I know that it doesn't solve your curren...

Immu · 12-29-2023

Hi, as @dbu wrote use two-factor-authentication...Good to know: You do not need to buy any FortiTokens, if you use method via mail.But you can only set this via CLI:config user localedit set two-factor emailset email-to Of cource you need a SMTP ser...

Immu · 12-29-2023

You can not enter the command "show config webfilter urlfilter".Either "show webfilter urlfilter" or "config webfilter urlfilter"... the manual seems correct to me.I mean someone forgot the "config webfilter urlfilter" command to get in the section.....

Immu · 12-15-2023

You can start a packet capture on the FGT (Network > Diagnostics > choose interface and set filter).And filter the source IP addresses (addresses of IoT devices).After a while you should be able to see (use Wireshark!) what these devices are trying t...

Immu · 12-15-2023

Good aspect - I also corrected my post...But I guess he wants that FGTA is usually the primary one... and I prefer the priority statement. Additionally I didn't recognize the failovers while working because it smoothly worked.

User Statistics

User Activity

FortiOS and ansible via SSH

Configuration loss after firmware upgrade

No seperation using VRFs

No login possible via TACACS+-User, when primary WAN-Interface down

Re: FortiGate 80F and MFA Issues

Re: SSL VPN Vulnerabilities and Best Practices Discussion

Re: Block Personal gmail but allow corporate Gsuite in fortinet 200F Firewall

Re: FortiGate - VLAN Want To Create a Lockdown Policy for It

Re: Fortigate 100F HA Pair

Re: FortiGate - VLAN Want To Create a Lockdown Pol...

Re: Fortigate 100F HA Pair

Re: No login possible via TACACS+-User, when prima...

Re: Configuration loss after firmware upgrade

Re: FortiGate - VLAN Want To Create a Lockdown Pol...

Re: No login possible via TACACS+-User, when prima...

Re: Configuration loss after firmware upgrade