Hi! There are three to-the-Fortigate policies - Local-in,
Auto-provisioned and Admin-in Policies. However, I'm unable to find
documentation listing the order of execution/priority in which these are
processed to determine which will occlude (i.e. preve...
Hi! On one hand, Fortinet warns "Packet capture can be very resource
intensive. To minimize the performance impact .. use packet capture only
during periods of minimal traffic ... and be sure to stop the command
when you are finished." But, on the ot...
Hi! FortiGate / FortiOS 7.0.0 FortiOS Release Notes introduces: 677784 Add
commands to debug traffic statistics for traffic monitor interfaces
(interface), interface traffic in real-time data (peek), and to dump
interface traffic history data (history):...
Hi! There seems to be a severe limitation with 'firewall local-in-policy'
as a scalable substitute for 'system admin' limit of 10 trusthosts. Since
(a) 'firewall local-in-policy' cannot reference 'system admin user' as
allowed source; nor (b) 'system ad...
Hi! I wish to implement OCSP Stapling for some (not all) firewall
policies referencing a "firewall ssl-ssh-profile" with "inspect-all" set
to "deep-inspection". KB 198293 comments on "vpn certificate setting",
"vpn certificate ocsp-server" and notes "...
Hi @bkrishnan I’ve provided “Policy Group” as related to Fortigate (not
Fortipam). Is it possible to provide an answer applicable to Fortigate -
listed in order of execution/priority? Thanks!
Hi @aastardzhiev, these are "Policy Group" I'm referring to:
(Custom) Local-in Policy - 00100001
Auto-provisioned Local-in Policy - 0010000e
(allowaccess) Admin-in Policy - 0010000f
So, no, they're very distinct and I seek a definitive answer on the order ...
@fernandezm_FTNT I have no doubt you know the subject, but this post - a
mishmash of GUI and CLI - is too hard to follow. The only mandatory
graphic: network/topology diagram - is missing, whilst the rest should
have been CLI alone. Additionally, "wh...
Hi @jiyong
@jiyong wrote: Hi @AlexFerenX: To use the above debug, the
settings below must be enabled.
config system interface
edit mgmt
set monitor-bandwidth enable
No, that cannot be correct - I've done same, and
don't see any output: CENSORED (vdom-ext)...
Hi @AlexC-FTNT Every packet capture started in GUI
(Network/diagnostic/packet capture) starts a new process
"httpssnifferd", so you can see them with: diag sys process pidof
httpsniffer or fnsysctl ps (this will give some more information about the
pack...