Technical Tip: FortiGate and ZSTD implementation (...

AlexC-FTNT · 12-05-2024

Description This article describes the checklist of items for FortiGate to facilitate Let's Encrypt ACME certificate provisioning. Scope FortiGate v7.0+ Solution Complete checklist and limitations for Let's Encrypt ACME certificate provisioning: Port...

AlexC-FTNT · 10-08-2024

Description This article describes that the 'By sequence' view is either available after a migration from another vendor, or manually set up in CLI. Follow this article for details: Technical Tip: Configure sequence grouping for firewall policies for...

AlexC-FTNT · 09-18-2024

Description This article describes how to display the list of current running packet captures. Note that running packet captures or sniffers issued through CLI (applet or SSH connection) cannot be displayed. Scope FortiOS. Solution FortiOS can displa...

AlexC-FTNT · 08-22-2024

Description This article explains how the security profiles are applied in a FortiGate. Scope FortiGate, all versions. Solution As in all network equipment, the communication with the exterior of the hardware is done via ports/interfaces. Where these...

AlexC-FTNT · 08-21-2024

Description This article describes a corner-case situation when sometimes the traffic over VPN session is not passing, even if endpoint has correct tag, and IP assigned. In this particular scenario, the user can only reach the EMS server after establ...

AlexC-FTNT · 11-24-2024

You posted this in the FortiGate forum. Maybe it would be better to post in FortiClient forum since it has nothing to do with FortiGate (because it works on PC with same config)

AlexC-FTNT · 11-12-2024

The Vlan tag is is a 32-bit field between the source MAC address and the EtherType fields of the original frame. There's nothing more to it. If the packet has Vlan tag 50 as it arrives on an interface, it is accepted, vlan tag stripped, then it is se...

AlexC-FTNT · 11-12-2024

why? is port3 in vlan50 also? FortiGate is a router, not a switch

AlexC-FTNT · 11-12-2024

Generally, these articles are better explained in the community portal. For example: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-the-log-message-User-shutdown-the/ta-p/301290 1) Who is this third-part CA? >> there are many...

AlexC-FTNT · 11-12-2024

If nothing is configured, what would you like to test? The hardware test can be done at any point. Look for HQIP test, there are articles describing how to perform it (depending on the unit model)

User Statistics

User Activity

Troubleshooting Tip: ACME certificate provisioning

Technical Tip: Design change on grouping policies in sequence groups

Technical Tip: How to show current active packet captures

Technical Tip: Direction of traffic for security profiles (Webfilter, AV, etc)

Troubleshooting Tip: ZTNA tags not propagated from FortiClientEMS

Re: FortiVPN IKE on MAC

Re: Trunk, how to add an access port

Re: Trunk, how to add an access port

Re: msg="User shutdown the device from forticron. The reason is 'System file integrity check fa

Re: FortiGate Firewall Security Testing

Technical Tip: FortiGate and ZSTD implementation (...

Technical Tip: FortiOS Unsupported feature: 'Is it...

Technical Tip: Hardware switch, Software switch, V...

Troubleshooting Tip: FortiGate blocking SIP INVITE...

Re: Cant find tdtype log field anywhere

Re: msg="User shutdown the device from forticron. ...

Re: Best Practices for FortiGate HA Pair Setup wit...

Re: How to connect two IPoE lines

Re: How to configure SDWAN pasive - active by CLI

Re: Cannot add the aggregate vpn member

Fortinet Training Institute

KCS