Description This article explains why, after updating to version 7.4.4
or a newer version, Security Fabric downstream FortiGate devices cannot
validate the EMS certificate. Example: FortiGate Root Fabric:
'Connected'. FortiGate downstream Fabric: Con...
Description This article describes an error when upgrading a FortiGate
90G/91G/120G/121G high availability cluster from FortiOS v7.0.16 to
v7.0.17 or higher branches such as v7.2.x, v7.4.x, or v7.6.x. GUI error:
'Image upgrade failed. The firmware im...
Description This article describes an error encountered on FortiClient
or certain browsers when attempting to connect to the FortiGate SSL VPN.
Error: 'The security certificate for this site has been revoked. This
site should not be trusted'. The sec...
Description This article describes a known issue that can occur with
FortiGate sending RADSEC Accounting (RADIUS TLS) to the RADIUS server.
This bug has been fixed in v7.4.5, v7.6.1. Scope FortiGate, RADIUS.
Solution Error examples for debugging seen...
Description This article describes how to resolve an issue that occurs
when using File Filter with proxy-based policies to block specific file
types (e.g., .bat and .cmd) via the SMB2 protocol in environments
utilizing NetApp file shares or non-'Micr...
If you are using public certificates, another reason can be because the
certificate is revoked at the CA level when the certificate uses
ocsp.You may check with the following tool:
https://www.certificatetools.com/ocsp-checker Example: Full KB:
Troub...
Hi, @randomcatperson Thank you for your insightful reply and thorough
investigation; your efforts greatly benefit the community. Regarding the
issue at hand, I've highlighted two potential workarounds that have been
successful for other customers. Yo...
1st workaround is to change the policy Inspection mode from "Flow-based"
to "Proxy-based. Please note that Proxy-based inspection does not allow
traffic to be offloaded to NPUs. How to enable the Proxy-based opinion:
config system settings set gui-pr...
