Description This article describes how to configure FortiManager to use
a custom certificate for HA communication on port 5199. Scope FortiManager
v6.2.7 and above, v6.4.x, v7.0., v7.2.x. Solution By default,
communication between FortiManager in HA clu...
Description This article describes how to check the webfilter database
(DB) version on the FortiManager, and also shows how to change or shorten
the DB consolidation time. Solution Go to FortiGuard -> Query Server
Management -> Receive Status, it is poss...
Description This article describes how to roll back firmware on the
FortiGate-6000 and 7000 series. FortiGate has two boot partitions on the
flash memory to store the firmware images and configuration files. During
a firmware upgrade, the new FortiOS i...
Description This article describes how to perform an HQIP test on a
FortiGate-6k chassis. Solution There are two variants of FGT-6k chassis
at the time of writing, FortiGate-6301F that consists of 6 Fortinet
Processor Cards (FPC) and FGT-6501F with 10 FPC...
Description Prior to firmware 5.4.0 (firmware 5.2 and below), users were
able to configure individual device storage quota. In firmware 5.4.0
onwards, the storage quota design has changed and is now based on ADOM
level quota, in which the quota is ...
Hi sidp You can try mesh-selector-type subnet instead. Please refer to
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dynamic-creation-of-IPsec-tunnels-IKEv1-dynamic/ta-p/190346
for more information.
Hi sidp If the tunnel is not up, you should do ike debug instead of
debug flow. Since FGT acts as initiator in this case, probably you will
need to enable ike debug on the Cisco side when FGT generates traffic
towards Cisco side to see why tunnel is no...
Hi Dan, Role does not have any effect on the FortiGate. Setting the role
means some GUI option is being hidden, and it simplifies things from GUI
itself. I don't really set the role and I think it is safe to leave at
LAN (default) or undefined. You can r...
Hi J, do you have SSL deep-inspection applied to the firewall policy? I
am guessing most likely almost all sites are encrypted and running on
HTTPS, so therefore it will not work without deep-inspection?
Hi CAB3 If I understand correctly, DMZ is part of the trust VLAN and
your inside IP is also located in trust VLAN? You are trying to route
some packet from DMZ to inside IP? If yes, you could just setup firewall
policy from trust VLAN to trust VLAN.T...