Re: Fortigate OSPF routes

Toshi_Esumi · 01-14-2025

I saw some conversation about stopping auto-upgrade on FGTs before after 7.2.8. And, we're doing it manually for those FGTs that are NOT managed by FMG. Then when we tried the same for those managed by FMG, the change was rejected because it's manage...

Toshi_Esumi · 10-23-2024

This version of FMG was released last week and now CVE-2024-47575 is released as well.https://www.fortiguard.com/psirt/FG-IR-24-423However, the release notes doesn't have anything in the resolved issue section. Does this actually have the vulnerabili...

Toshi_Esumi · 07-24-2024

A basic question: Would Websocket app (TCP 443) traffic be filtered by a policy with a Web Filter profile? Or do we need to match it with Application Control in a separate policy before or after the web filter policy?Thanks, Toshi

Toshi_Esumi · 07-21-2024

I'm working on migrating my home OpenSUSE machine I'm using for freeradius server to authenticate admin and VPN users on my FG40F(7.2.8) from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a newer version of freeradius-server image.Th...

Toshi_Esumi · 05-07-2024

As all the other users at FortiCloud must have gotten, I received an announcement email per email account for 2FA auth enforcement starting June the 7th.My question is if it would apply to this Forum login account. I've kept using my old account emai...

Toshi_Esumi · 02-04-2025

I felt the same when I tested last few years with 6.4.x and 7.0.x. FTNT couldn't come up with a good terminology other than "trunk" when they developed this new feature with new chip.Toshi

Toshi_Esumi · 02-04-2025

FGT's VLAN switch "trunk" port is NOT a general trunk port you're familiar with.It (ASIC) is not designed to do what you're thinking it "should" do. It would just aggregate ONLY those native VLANs configured on VLAN switch interfaces I showed above.T...

Toshi_Esumi · 02-04-2025

Just treat as any other internet circuits when you configure it as a member of SD-WAN zone. If DHCP or PPPoE configure it accordingly.Toshi

Toshi_Esumi · 02-04-2025

CG-NAT is inside of your ISP network and generally won't affect outbound connectivity to the internet at their customer side. Generally any devices capable handling NAT wouldn't have any problem connecting to CG-NAT based ISP networks.Toshi

Toshi_Esumi · 02-03-2025

First, any ports not a part of VLAN switch(config system virtual-switch) interface would not be a part of FGT's VLAN switch "trunk" port. Only the native VLAN you configured in the VLAN switch interface like below would be a part of the "trunk" port....

User Statistics

User Activity

Stop auto-firmware-upgrade via FMG

FMG 7.2.8

Websocket app traffic with Web Filter

RADIUS attribute: Message-Authenticator

FortiCloud login 2FA enforcement

Re: VLAN Switch on 100f not giving out native IP address on trunk

Re: VLAN Switch on 100f not giving out native IP address on trunk

Re: CGNAT in Fortigate 100F

Re: CGNAT in Fortigate 100F

Re: VLAN Switch on 100f not giving out native IP address on trunk

Re: Fortigate OSPF routes

Re: Redistribute iBGP routes to OSPF in FortiGate

Re: Layer3 Fortiswitch

Re: FortiGate stripping BGP TCP option 19

Re: Fortimanager best practice

Re: Edit VDOM Name

Re: Trying to create a Sub-Interface on Vlan 1 wit...

Re: Static URL Filter Limit

Re: Stuck at v7.0.17

Re: Address Object Tied with Disable Interface

Super User

User Statistics

User Activity

You are leaving our website