Hello, I have 2 ISP's connected to WAN1 and WAN2. I have a default
static route to send everything out of WAN1. When creating VPN tunnels,
I build one on WAN1 and one on WAN2 and duplicate the rules. These are
policy based VPNs.What I am having troub...
Hello, Are there any good ways to test IPSEC VPN tunnel latency from the
FortiGate? I currently just ping one of the endpoints from the CLI but
was wondering if anyone does something differently. Ideally I would like
this graphed out, but I do not th...
Hello, Is anyone running 0.0.0.0/0.0.0.0 as the source and destination
for a P2 selector? I have a growing list of about 30 P2's that would be
much easier to manage if it were just the one wildcard entry. I would
still be controlling the traffic on m...
5.6.10 was just released. Can anyone confirm if it resolves the SSL VPN
issue? I'm thinking it might be 542706. Bug ID Description515370 SSL VPN
access denied if address object added after group object in firewall
policy540328 SSL VPN web mode access...
It looks like one of their workarounds is the IPS signature, and looking
into that sig, they specify revoked Fortinet certificates. So I would
assume as long as you arent using Fortinet certs for anything you should
be fine. I wont be rushing to upgr...
I turned off TLS 1.0 and TLS 1.1 but that did not turn off the 3DES
ciphers. Even the FortiOS™ Handbook - SSL VPN v5.2.12 states 3DES would
still be be enabled. This does not look possible in 5.2. I will open a
ticket to confirm.