Description This article describes how to configure a schedule stitch
which will be triggered during specific period in order to monitor the
BGP. If the BGP which runs over IPsec is down, this tunnel will be
restarted. Scope FortiOS 7.0.x, 7.2.x, 7.4...
Description This article describes how to configure a 'schedule' for a
FortiGate user administrator. Scope FortiGate v6.4, v7.0, v7.2, v7.4,
v7.6. Solution Sometimes it is necessary to have a particular FortiGate
administrator be active only during w...
Description This article describes how to configure a link-monitor on
IPSec Aggregate and disable the routes associated with this aggregate.
Scope FortiGate v6.4, v7.0, v7.2, v7.4 and v7.6 Solution In v7.0.1 the
routing behavior is changed, all route...
Description This article describes how to schedule and disable/enable
FortiGate interfaces. Scope FortiOS v6.4, v7.0, v7.2, v7.4, v7.6.
Solution Sometimes is needed to do a scheduled disable/enable the
interface to reduce the unnecessary usage of spe...
Description This article provide guidance on how to perform initial
diagnostics for non working BGP over IPsec. Scope FortiOS v6.x, v7.x.
Solution BGP is widely used dynamic routing protocol. It allows to run
over IPsec tunnels which make it very use...
Hello HANDL_Eric , Did you check the session on the FortiGate which
allows the traffic to/from your FortiManager? If not, try the following
commands : List the sessions where your FortiManager is acting as
destination : diag sys session filter dst XX...
Dear Reshans, The provided routing table in the first screenshot is from
spoke 'SP1'? Make sure the following : HUB -> IPSec->
auto-discovery-sender is enabledHUB -> BGP -> route-reflector-client is
enabled Spokes -> IPSec-> auto-discovery-receiver i...
@osaleem2_10 , the order is : - configure the VPN (phase-1/phase-2),
then automatically will be created an VPN interface - Once the VPN
interface is created, you can add to as SD-WAN member to one of the
zones .
Dear @HS08, On the Azure you can configure a blackhole route for the
HUBs 10.100.0.0/16, and for the rest of the spokes 10.10x.0.0/16 , same
need to be done every spoke and the HUB. Yes, also is possible to
configure 10.0.0.0/8 blackhole route . Just...
Dear HS08, My suggestion is to check the session list for source IP
10.103.248.55 and destination IP 10.201.1.7 and compare the
ingress/egress interface + duration of the session. It could be possible
that the non working traffic (allowed by policy N...
