Description This article describes the implementation of ZSTD encoding
and the possible workarounds for enabling access to these sites. Scope
FortiOS. Solution ZSTD is a compression mechanism, lossless and faster
than others extensively used so far. ...
Description This article describes that the Guest admin account is no
longer able to see the user password in the GUI, despite having correct
credentials. The Password field for the user shows 'ENC XXXX' instead of
displaying the password in clear te...
Description This article describes the solution for removing or
disabling FortiAnalyzer on FortiGate when the following error appears
when attempting from:CLI: FortiAnalyzer is used by quarantine settings
node_check_object fail! for status disable va...
Description There are certain questions from users about features that
do not work as expected , or as according to the documentation. This
article does not refer to these cases individually (such as
misconfiguration, misunderstanding, or bugs). This...
Description This article allows for a visual guide of RIP configuration
in FortiGate GUI on a single FortiGate. RIP is normally used in small
and medium-sized networks. Scope FortiGate. Solution RIP can be accessed
in GUI and these are the available ...
Not very familiar with the DHCP setup, but check this article and see if
there are any differences from your
config:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-the-FortiGate-to-assign-IPv6/ta-p/194156
and ultimately, check that the ipv6 IP that is sourced in the debug flow
is part of the subnet defined on the lan, and it matches the subnet
defined in the policy "source"
"Does the remote firewall even know, what IP I was using in GW field of
policy route (I think not)?" - probably not. But remote gateway needs to
be set up as the next hop IP, per RFC. And that applies for the remote
device too. "just static routing p...
This is progress.My guess is that the firewall policy allowing the
traffic LAN > WAN is not set up to allow ICMPv6 and ICMP (specifically,
not "ALL" service).Something is not matching there
The outputs are a little mixed up. There is no need to add the "lan" or
"wan" as interface filter in the sniffer. Use "any" and should cover
both network segments. Debug flow shows that packets are sent out. It
seems that the return packet is either ...