Technical Tip: Restrict HTTPS access from certain ...

alwis · 10-28-2024

Description This article describes that the HA is out of sync due to system.storage. Scope FortiGate. Solution By comparing the system storage on both clusters, the following output was observed: Go under FortiGate -> System -> HA. When hovering over...

alwis · 10-23-2024

Description This article describes how to check unused Object in FortiOS. Scope FortiGate. Solution Unlike FortiManager which supports the function of Find unused objects: FortiGate does not and it is not possible to search for unused object via CL...

alwis · 09-30-2024

Description This article describes an issue when using a local-in policy to block a certain region address but not working as expected. Scope FortiGate. Solution Refer to the local-in policy configure below ; config firewall local-in-policy edit 1 se...

alwis · 09-24-2024

Description This article describes which destination addresses and services need to be allowed on Upstream devices. Scope Fortigate, Fortitoken, 2FA Solution Suppose there is a downstream FortiGate which having limited connectivity to the internet bu...

alwis · 08-26-2024

Description This article describes the issue when SSL VPN configuration is set to ban all cipher. Scope FortiGate. Solution Run the SSL VPN debug using the following command: diag debug resetdiag debug app sslvpn -1diag debug enable The following out...

alwis · 05-09-2024

Hi @despi Thank you for contacting Fortinet Support Forum. Based on the output $ dollar sign, did you have permission to enable this feature? I would suggest you to check on administrator profile. Regards Alwis

alwis · 05-06-2024

Hi @kenschae Thank you for contacting Fortinet Support Forum. If i understand correctly your query. For RDP you will use SSLVPN to your server and you have Virtual IP and a policy to point to your NGINX Proxy Manager. Did your VIP object is Port Forw...

alwis · 05-05-2024

Hi @Fluppy Seems the phase2 negotiation failed after rekey 3600 expired. Could you please try to turn off your PFS [Phase 2 setting]on fortigate side. Based on screenshot i believe it was not enable on Strong Swan . Regards Alwis

alwis · 05-05-2024

Dear @abbio90 If you set your subnet to be /32 on the interface, i don't think its possible to create a static route on fortigate since it was /32 and the only available ip is the 1.2.3.4 only since it was /32. Further more the ip set on interface an...

alwis · 05-01-2024

Hi @zainnykaz I believed your issue are related to Administrative Distance [AD], since your 2 of your ISP are using DHCP and it will use AD of 5. Since you have 3rd ISP and its static, by default fortigate will create AD of 10, you just need to chang...

User Statistics

User Activity

Technical Tip: HA is out of sync due to system.storage

Technical Tip: Check Unused Object in FortiOS

Technical Tip : Local-in Policy not working due to different ip registered location or the physical location of IP addresses

Technical Tip: FortiGate SSL VPN with 2FA behind another firewall

Technical Tip: Unable to connect SSL VPN due to unable to set ciphers

Re: Fortigate can't enable Multi-VDOM

Re: Virtual IP for npm breaks my VPN

Re: IPsec Tunnel to StrongSwan fails after about 1 hour

Re: STATIC Public IP /32

Re: WAN DNS

Technical Tip: Restrict HTTPS access from certain ...

Re: IPsec Tunnel to StrongSwan fails after about 1...

Re: Users do not get VLANs DHCP IP on VLAN Switch ...

Technical Tip: Expected behavior using an automati...

Technical Tip: SSL VPN user with FortiToken but NT...

Re: Virtual IP for npm breaks my VPN

Re: IPsec Tunnel to StrongSwan fails after about 1...

KCS