I have a zone on the FortiGate named "VPN Zone", which includes both
SSL-VPN and IPsec.We are now testing a ZTNA appliance that is connected
via the X1 interface -> VLAN 101.I added the VLAN 101 interface to the
existing "VPN Zone" and included its s...
I've set up an IPsec VPN with certificate-based authentication and
started migrating away from SSL-VPN. Unfortunately, around 10% of our
remote users are on DS-Lite. This means they have a public IPv6 address
but share a single IPv4 address via Carri...
Maybe someone with a deeper understanding can shed some light on
this.I've set up an IPsec VPN using certificate-based authentication and
tested it with a small user group — it works great.I then handed it over
to software delivery. They did what the...
Can I just flip the switch on IPSec XAUTH² to 'inherit from policy' and
use the same rules as SSL-VPN, where you have to specify a Source and
User/Group? Last time I tried this, the FortiGate acted as a MITM for
IPSec users and redirected HTTPS³ to i...
We still have 2 IPsec profiles in the Fortclient and 2 DNS records. 1.
for IPv4 -> vpn_ipv4.company.corp -> DNS A Record only2. for IPv6 ->
vpn_ipv6.company.corp -> DNS AAAA Record only. Config looks like this
(FG 7.4.9) (V6 part)edit "IPSec VPN IPv6...
Got it working by moving the clients to another subnet and using the
VLAN101 as a transport net. So the fault was the appliance assigning IPs
to the VLAN101.
I got it working by splitting the DNS into separate A and AAAA records
and adding two profiles in FortiClient, respectively.ipv4.company.com →
VPN via IPv4ipv6.company.com → VPN via IPv6 I've seen this bug before,
but I thought FortiClient v7.4.3 had...
Seems to be a bug in the FortiClientVPN v7.4.2 that most of our users
had installed. We are looking to upgrade to FortiClientVPN v7.4.3 or
v7.2.9Still testing. # UpdateWorks fine now with FortiClientVPN v7.4.3,
v7.4.2 is bugged.
