Re: LACP Aggregate Port Issue – Mismatch actor key

dingjerry_FTNT · 05-18-2025

Description This article explains the log rate/log insert speed info in some FortiAnalyzer CLI commands. Scope FortiAnalyzer. Solution In some outputs of some FortiAnalyzer CLI commands, there is such log rate info: diagnose fortilogd lograte last 5 ...

dingjerry_FTNT · 02-14-2025

Description This article describes the requirements of a Server Certificate in an SSL Inspection profile while selecting 'Protecting SSL Server'. Scope FortiGate. Solution When creating or editing an SSL Inspection profile, and selecting 'Protecting ...

dingjerry_FTNT · 02-14-2025

Description This article describes one scenario (GRE + IPSec) that is unsupported for NP7 offloading. Scope FortiGate. Solution NP7 offloading supports the GRE tunnel, including terminating on FortiGate or passing through FortiGate.NP7 offloading sup...

dingjerry_FTNT · 02-09-2025

Description This article explains the behavior of 'Inspect All' in an SSL/SSH inspection profile. Scope FortiProxy. Solution When creating or editing an SSL/SSH inspection profile, there is an option called 'Inspect All'. Full SSL Inspection: Perform...

dingjerry_FTNT · 02-03-2025

Description This article describes the 'Default Device Selection for Install' option in ADOM settings while creating or editing one ADOM on FortiManager. Scope FortiManager. Solution When creating or editing one ADOM on FortiManager, there is an opti...

dingjerry_FTNT · 05-30-2025

Do you have to use IKEv2? For IKEv2, my understanding is that the FGT will try to match the tunnel from top to bottom in the IKE_SA_INIT phase. The Peer ID info is in the next phase, called IKE_AUTH. For IKEv1, the peer ID info is in the very first m...

dingjerry_FTNT · 05-29-2025

Again: 1) Did you configure both tunnels as "Aggressive mode"? 2) "ike V=root:0:TUNNELB: ignoring IKEv2 request, no policy configured"This message indicates that you have no firewall policies configured for this tunnel. If possible, please share your...

dingjerry_FTNT · 05-29-2025

Hi @ForgetItNet , 1) No need to configure "local ID" for the IPSec VPN on FGT; 2) Make sure that you are using "aggressive mode" for both IPSec VPN tunnels. If you still have the issue, please: 1) Provide your FGT config, or at least, the IPSec VPN t...

dingjerry_FTNT · 05-27-2025

2025-05-19 19:03:40 id=65308 trace_id=41 func=vf_ip_route_input_common line=2612 msg="find a route: flag=80000000 gw-172.16.10.1 via root" 2025-05-19 19:03:40 id=65308 trace_id=41 func=__iprope_tree_check line=539 msg="gnum-100004, use addr/intf hash...

dingjerry_FTNT · 05-26-2025

Hi @akazemfar , 1) Technically, if the destination LAN network knows how to return the traffic, no need to enable NAT in the firewall policies for the IPSec VPN traffic; 2) Double check whether you have any IP Pool configured with or including 172.16...

User Statistics

User Activity

Technical Tip: Explanations about log rate/log insert speed info in some FortiAnalyzer CLI commands

Technical TIP: Requirements of Server Certificate in SSL Inspection profile

Technical Tip: GRE + IPSec not supported for NP7 offloading

Technical Tip: Explanation of 'Inspect All' in SSL/SSH inspection profile

Technical Tip: Explanation of 'Default Device Selection for Install' in ADOM settings on FortiManager

Re: Peer ID being ignored on IPSEC vpns

Re: Peer ID being ignored on IPSEC vpns

Re: Peer ID being ignored on IPSEC vpns

Re: IPsec VPN for Remote Access Network Issue

Re: IPsec VPN for Remote Access Network Issue

Re: LACP Aggregate Port Issue – Mismatch actor key

Re: LACP Aggregate Port Issue – Mismatch actor key

Re: Fortigate-50G unable to be properly managed by...

Re: Fortigate 200G active/passive licence

Re: Creation of Custom VSA

Re: Reachability Issue Between Head Office and Bra...

Re: Fortigate 71G

Re: block vip admin page

Re: Fortigate SSL-VPN client failed to get gateway

Re: Fortigate IPSEC VPN - One Way Traffic issues

Fortinet Training Institute

KCS

User Statistics

User Activity

You are leaving our website