I saw some conversation about stopping auto-upgrade on FGTs before after
7.2.8. And, we're doing it manually for those FGTs that are NOT managed
by FMG. Then when we tried the same for those managed by FMG, the change
was rejected because it's manage...
This version of FMG was released last week and now CVE-2024-47575 is
released as well.https://www.fortiguard.com/psirt/FG-IR-24-423However,
the release notes doesn't have anything in the resolved issue section.
Does this actually have the vulnerabili...
A basic question: Would Websocket app (TCP 443) traffic be filtered by a
policy with a Web Filter profile? Or do we need to match it with
Application Control in a separate policy before or after the web filter
policy?Thanks, Toshi
I'm working on migrating my home OpenSUSE machine I'm using for
freeradius server to authenticate admin and VPN users on my FG40F(7.2.8)
from Leap 15.3 to 15.5(on a new machine). Obviously 15.5's repo has a
newer version of freeradius-server image.Th...
As all the other users at FortiCloud must have gotten, I received an
announcement email per email account for 2FA auth enforcement starting
June the 7th.My question is if it would apply to this Forum login
account. I've kept using my old account emai...
And if you don't specify the source option, the ping packet has the
outgoing interface IP, which is generally a public IP. That's why it
works without NAT.
What do you mean by example? Your case is an example. You can pick any
other source IP, which is a private IP. Then the ping to the internet
would fail.But the easiest way to "see" it yourself is opeinging two CLI
sessions. At one of them, run a snif...
It's expected.Ping-option/source IP just changes the source IP area of
ICMP/ping packets before going out of the outgoing interface. It doesn't
cause those packets to go through any policies, where regularly
NAT(SNAT) is configured. As the result, th...
This
KB:https://community.fortinet.com/t5/FortiGate/Technical-Tip-VLAN-forward-interface-parameter/ta-p/193078says
only "meaningful". So I would interpret it as it's
"meaningless"(antonym) if it's not TP mode and even if you configured
it. I wouldn't...
Yes, of course. I don't know anything about FAZ since we don't have it,
but for FMG, when you remove a FGT properly, it would change the FGT's
central-management config and the FGT would continue to work as a
standalone device.Toshi