I saw some conversation about stopping auto-upgrade on FGTs before after
7.2.8. And, we're doing it manually for those FGTs that are NOT managed
by FMG. Then when we tried the same for those managed by FMG, the change
was rejected because it's manage...
This version of FMG was released last week and now CVE-2024-47575 is
released as well.https://www.fortiguard.com/psirt/FG-IR-24-423However,
the release notes doesn't have anything in the resolved issue section.
Does this actually have the vulnerabili...
A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
It's not about FGT HA in the two scenarios, but it's about the purpose
of Catalyst stacking. Because if you add the LAN side in HA monitoring
interface in addition to the WAN side, the FGT1 would failover when the
SW1 goes down.However, the problem s...
Haven't tested and don't have time to test before my vacation, but an
idea is to set two VIPs from both interfaces to forward IPsecs(UDP
500/4500) to a loopback interface, and make sure the policy doesn't
block ESP. Again, just an idea.Toshi
Both neighbor-group and neighbor-range are only locally significant. The
other end wouldn't know if the peer is using them or not. Because this
part is NOT in BGP's RFC/standard.And, BGP is unicast protocol and it
cares only the peer IP. It doesn't m...
I understand where @Yurisk 's comment is coming from. I think for the
same reason I haven't tried with FGTs we manage although some of them
have more than 100 neighbors. But, we do use neighbor groups with
Juniper routers for our large scale network ...
