I am seeing some strange ARP requests from our Fortigate using
Wireshark. I'm not sure the best way to describe it. It's as if the
Fortigate has a cooldown of 1 second in between ARP requests. So when a
device doesn't respond, it keeps sending reques...
When creating firewall policies, it can be tedious and error prone to
have to keep adding in common internet service databases. For example, I
would like to have one group/object that has the Botnet-C&C.Server,
Malicious-Malicious.Server, and Phishin...
We have recently switched to Fortigate. I'm trying to figure out what
the best process is to unblock a website when it is blocked by both the
web filter and DNS filter categories. The Fortigate is running FortiOS
v7.0.12. First idea was to use a cust...
There really isn't much to show. All I see is that the Fortigate sends
ARP requests to about 10 to 20 different IPs once every second for long
durations of time. When you sort the packet capture by the "info,"
you'll quickly see 99% of the ARP reques...
I ended up opening a support ticket about this as I was curious as to
what was going on. Support was able to narrow down the issue.
Occasionally a few devices will disconnect from the network before
closing their open TCP sessions. The Fortigate will...
I tried testing this by pinging other clients and was not able to
replicate the issue. But the theory of pings makes a lot of sense due to
the 1 second interval between the ARP requests. I'll maybe have to look
into if there are any features on the f...
It appears that the policy method is failing due to the Fortigate only
resolving wildcard FQDN address objects when they are used. Thus, the
policy that is meant to allow the traffic is skipped because the address
isn't resolved yet and goes on to th...