Have a pair of 601E FortiGate units in a remote location. Connected to a
cloud environment via S2S VPN. Among other things, I need to be able to
send the FortiGate logs up to the cloud, and don't want to lose them if
the S2S goes down for any reason....
As of yesterday, in the phase2 settings for a site-site VPN connection
to Azure I had the following:
set proposal aes128-sha256 aes256-sha256
Last night, the connection failed. Looking at the saved
config from a couple of hours before I see the "set " a...
Have two new 601E Fortigate units. Running identical firmware. Each thinks
they're the only one. HA port is green on both. If I reboot the
"secondary" the "primary" sees the link drop. Primary is set to priority
200, secondary is left at default. Reset p...
Would like to enable fips-cc mode on a new pair of FortiGates. I seem to
recall something about it requiring "reliable" logging when logging to a
syslog server, but cannot seem to locate any information in that
regard. We don't want to spend the ext...
Depending on how a client gets out to the Internet, through the FG, is
either very quick, or very sluggish.
client -> Linux proxy(port 3128) -> Fortigate(443) - Outside(443). Very quick
client -> Fortigate( Explicit Proxy port 3128) - Outside(443). Ver...
Interesting. What I had for phase 1:
set proposal aes128-sha1 aes256-sha-256 aes256-sha1
Removing the first and last, leaving
aes256-sha256 enabled me to set phase 2 to aes256 as well. Odd that it
allowed me to set phase2 to aes256 before today.
Nice thought, but no change. Brought the interface down and went to
configure with "set proposal ?" and the only options which are shown are
the various AES128 settings. Still get the parse error, "Command fail.
Return code -61" when trying to set aes...
D'oh
Yes. I had enabled both in the beginning for fips-cc mode. The
factory reset removed it from the secondary. Too many things going on.
Thanks for the light.
The diagnose commands showed the following:
"enc/auth mismatch: hdr_enc/auth=1/1, my_enc/auth=0/0"
and lists the serial # of the opposite
unit. Resetting the HA password did not change the result.