Technical Tip: Use a new FortiOS mechanism to auto...

syordanov · 01-27-2025

Description This article provide guidance on how to perform initial diagnostics for non working BGP over IPsec. Scope FortiOS v6.x, v7.x. Solution BGP is widely used dynamic routing protocol. It allows to run over IPsec tunnels which make it very use...

syordanov · 12-20-2024

Description This article explains the difference between DNAT(VIP) and Full Cone NAT. Scope FortiOS 7.6.0+ Solution DNAT (VIP) and Full Cone NAT are Network Address Translation. The DNAT (VIP) is a technique where external client/hosts are allowed to...

syordanov · 11-25-2024

Description This article describes how FortiGate performs SNAT when multiple IP pools are configured. Scope FortiOS 5.x, 6.x, 7.x Solution FortiOS allows the configuration of multiple IP pools in a firewall rule. This is useful when two or more inter...

syordanov · 10-14-2024

Description This article describes how to filter in a BGP neighbor-group based on remote-AS. Scope Starting from 7.4.4 GA and 7.6.0 GA Solution In FortiOS 7.4.4 and 7.6.0 is introduced a new feature which allows assignment of multiple remote Autonomo...

syordanov · 09-30-2024

Description This article describes configuring an IPSec tunnel between 2 FortiGates using loopback interfaces. Scope FortiGate v6.4, v7.0, v7.2,7.4, v7.6. Solution FG-1 with loopback interface 10.10.9.1. FG-2 with loopback interface 10.10.11.1. The I...

syordanov · 03-18-2024

Hello RolandBaumgaerhner72, If you want to combine Policy routes + SD-WAN , keep in mind that Fortigate fist process the policy routes and if there is no match then checks the SD-WAN . The KB bellow provides a useful information for the behaviour of ...

syordanov · 03-18-2024

Hello Thoubik , As far as i understand you have topology like this : VLAN100<-->Fortigate<-->VLAN200 Withoyt asymetric routing you can route the traffic from VLAN100 to VLAN200 or vica versa , you just need to configure proper FW rules and adjust the...

syordanov · 02-22-2024

Hello Mirza_Asad2723, For option No1, '4 0 l' , 4 means "Print header of the packet + interface name", 0 means unlimited packet capture, l means local FW time as a timestamp . For Option No2, proto 1 means, filter by protocol No1 which is ICMP(ping),...

syordanov · 02-21-2024

Hello Chris, I hope you are doing well. As far as i understand you have few VMs connected to your device, to which interface they are connected to ? What is the IP address and interface config for that interface ? Please run the debug bellow and gene...

syordanov · 02-21-2024

Hello, Using the commands above Fortigate will generate 50 ICMP messages with source IP 59.37.244.221 to destination IP 205.89.157.8. If you want to track the ICMP you can open a new SSH session and run the following commands : Option No1 : diagnose ...

User Statistics

User Activity

Troubleshooting Tip: Troubleshooting BGP over IPsec

Technical Tip: Difference between DNAT(VIP) and Full Cone NAT

Technical Tip: FortiGate firewall rule with multiple IP pools for SNAT

Technical Tip: How to filter AS in BGP neighbor-group

Technical Tip: IPSec between 2 FortiGates using a loopback interface

Re: Policy Routes with SD WAN - Suggestions

Re: inter-VLAN routing issue

Re: PINGING WITH REPEAT COUNT AND SOURCE ADDRESS

Re: DMZ using loopback.

Re: PINGING WITH REPEAT COUNT AND SOURCE ADDRESS

Technical Tip: Use a new FortiOS mechanism to auto...

Technical Tip: Check the session list and filter b...

Technical Tip: Enable SNMP index extension

Technical Tip: How to filter AS in BGP neighbor-gr...

Technical Tip: How to configure FortiGate to use T...

Re: WAN Interface not shown in Firewall Policy

Re: Fortigate Limited Access

KCS

User Statistics

User Activity

You are leaving our website