Technical Tip: How to trace which interface connec...

ddeguzman · 12-15-2024

Description This article describes how to access local LAN resources when connected to an IPsec dialup full tunnel. Enabling split-tunneling is not allowed. Scope FortiGate, FortiClient. Solution In this example, an IPsec Dial Up Full tunnel (DHCP ov...

ddeguzman · 10-02-2024

Description This article explains the behavior when utilizing Cloudflare DNS as FortiGate's DNS server. Scope FortiGate. Solution When utilizing a third-party DNS server such as CloudFlare (1.1.1.1 & 1.0.0.1) in FortiGate and selecting TLS as the DNS...

ddeguzman · 09-22-2024

Description This article describes how to setup FortiGate logging to FortiCloud while being managed by FortiManager. Scope FortiGate, FortiCloud. Solution It is possible to enable Cloud logging in FortiGate while it is managed by FortiManager Cloud o...

ddeguzman · 08-13-2024

Description This article describes how to manually bring the site-to-site IPsec VPN tunnel UP if no active traffic passing through the tunnel. Scope FortiGate, v7.0.x, v7.2.x and v7.4.x. Solution When an IPsec tunnel is configured and no active user/...

ddeguzman · 07-23-2024

Description This article describes the scenario where the scan result says that FortiOS is vulnerable to CVE-2013-3587 or BREACH. BREACH is a category of vulnerabilities and not a specific instance affecting a specific piece of software. To be vulner...

ddeguzman · 07-08-2024

Hi sirma504, If the traffic is passing through the IPsec tunnel and if the traffic is orginating from your FortiGate40F going to 1000F, I suspect you need to specify the source IP on its configuration.Let's say you have LDAP configured on your FortiG...

ddeguzman · 07-07-2024

Hi unknown1020, The default behavior for Windows SSLVPN user is they'll have their gateway address set to the assigned IP + 1. For example, the SSLVPN user got an IP of 10.212.134.200, their gateway IP would be 10.212.134.201. Here is an article that...

ddeguzman · 07-06-2024

Dear Alanrs, I believe using the external connector IP address threat feed should be feasible to utilize a dynamic list for your whitelist. Then in the event that the FortiGate failed to retrieve/update its thread feed, you can set an automation to a...

ddeguzman · 07-04-2024

Hi Martyyy, You mentioned that "need to make sure is that all traffic from this device, and all other devices behind it, passes through my fortigate firewall without any issues". If your concern is for outbound traffic, the firewall policy outbound s...

ddeguzman · 07-04-2024

Hi Yuhui, Kindly confirm if FortiGate receives the attempt?# diagnose sniffer packet any "host x.x.x.x" 4- where x.x.x.x is the remote user public ip.For additional troubleshooting assistance, kindly refer to articles below.https://community.fortinet...

User Statistics

User Activity

Technical Tip: Unable to Access Local Lan Resources When Connected to IPsec Dial Up Full Tunnel

Troubleshooting Tip: Using Cloudflare DNS with DNS over TLS showing as unreachable

Technical Tip: Enabling FortiCloud Logging While Managed By FortiManager (Cloud or On-Premise)

Technical Tip: Manually Bring the IPsec Site-to-Site VPN UP

Technical Tip: CVE-2013-3587 (BREACH)

Re: Authentication Error after migration FortiGate

Re: View "remote gateway" connections

Re: IP Threat Feed as Whitelist

Re: Sophos Red Router

Re: Fortinet connection stuck at 0%

Technical Tip: How to trace which interface connec...

Re: Sophos Red Router

Re: Two Ipsec Tunnels for Fortigate

Re: SSL VPN Connection is Down Message at 40%

Re: How to perform special internet access for For...

Re: Sophos Red Router

KCS