Hi!After on boarding many FortiGates into FortiManager (7.2.8) and using
FortiManager's "Find duplicate objects" we see a very large number of
duplicate Address objects in the GUI.However, there's no option to
produce a report, or even download these...
Hi!I seek clarification on the feature Protecting an SSL server (aka.
firewall ssl-ssh-profile's server-cert-mode is "replace").Is it
mandatory that the specified "Server certificate" (in SSL/SSH Inspection
Profile) be identical to the actual server ...
Hi!KB "Keep the flash partition without it being overwritten (For
rollback purposes)" seems useful, except, I think it's problematic. It
basically, says, we can manipulate which into partition the new firmware
image will be stored to keep (original f...
Hi!in section "Checking FortiManager databases" of "FortiManager Upgrade
Guide", I see: "Before running integrity check commands, ensure ... no
objects are locked." but does not say how to achieve this if there are
many ADOMs, many Devices, many Poli...
Hi!In ACME certificate support see "It must not have any VIPs, or port
forwarding on port 80 (HTTP) or 443 (HTTPS)". Since port-forwarding and
Virtual Servers are a feature of VIP object, this text is unclear (to
me).Does the requirement refer to ALL...
Hi @dingjerry_FTNT in most cases, the Issuer of public certificates (ie.
“CA”) is same for all certificates used by an organisation - this isn’t
a critical limitation, however, the Subject of the certificate is most
critical. Previously, you’ve state...
Hi @dingjerry_FTNT 1) The Common Name of the certificate has to be the
same as the one on the real server; this is a major limitation - it
prevents usage of a wildcard certificate being used within
ssl-ssh-profile (if actual server certificate specif...
Hi @dingjerry_FTNT Are there any prerequisites, requirements or
conditions on these certificates for feature Protecting an SSL server to
work? For example, you mentioned common CA. Thanks!
