I saw some conversation about stopping auto-upgrade on FGTs before after
7.2.8. And, we're doing it manually for those FGTs that are NOT managed
by FMG. Then when we tried the same for those managed by FMG, the change
was rejected because it's manage...
This version of FMG was released last week and now CVE-2024-47575 is
released as well.https://www.fortiguard.com/psirt/FG-IR-24-423However,
the release notes doesn't have anything in the resolved issue section.
Does this actually have the vulnerabili...
A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
My point is those SSL VPN users don't need to use the public IP even
when they're off-site accessing over the internet since they have SSL
VPN (isn't that the purpose of having SSL VPN?).And only if someone else
needs to access it over the internet W...
So you want for all SSL VPN users to use the VIP outside IP (currently
WAN interface IP) to access the device with 10.0.0.2 IP, right? While
those SSL VPN users can access directly to 10.0.0.2 when the VPN is up.
Why do you need the VIP at the first ...
Without a proper route in RIB back to the incoming interface, FGTs would
just drop the incoming packets by "reverse path check fail".@HS08Since
it's not working now, it wouldn't hurt you just try it and tell us the
outcome. You can simply remove it i...
That's because Azure advertises the same routes from both sides while
your FGT picks one side of BGP routes and put it into RIB. You need to
enable ECMP for eBGP (ASNs are different between Azure and the FGT) like
below:config router bgp set ebgp-mul...