Hi FortiGate adminsIn my case I need a redundant dial-up VPN from branch
office FG to HQ FG, where HQ FG has 2 WAN in a SD-WAN zone.A "classic"
setup didn't work, I see the tunnels flapping from the first to the
second and vice versa.When configuring...
Hi FortiWeb adminsI have a fresh FortiWeb 7.2.8 installation, protecting
a Web server for mobile applications.Public certificate correctly
installed on FortiWeb with certificate chain.I have the following
behavior:When Web server is protected by Fort...
Hi FortiGate adminsI have two hosts interconnected via a third party
IPsec, separated by a FortiGate.When I use no-inspection in the FG's
firewall policy I have the tunnel comes up and working fine.When I use
certificate inspection it doesn't come up...
Hi AhmadDoes it have any relationship with DNS (53) and DNS over
SSL/HTTPS? You may check if there is a difference between your Firefox
and Edge on that side.You may also check in Web Filter logs, under Log &
Report menu, to see if there is relevant ...
Additionally regarding your false positives, usually it is due to a hard
AntiSpam profile, so I'm sharing here an AS profile that I usually setup
as the main inbound profile.Hope it helps.
Traffic that is destined to FortiGate itself is not managed by firewall
policies, but by local-in-policies.So you can create a local-in-policy
to allow specific sources to ping your FortiGate.E.g.:config firewall
local-in-policy edit 1 set intf "wan1...
Hi NeoRantCongratulations for your first prod FML integration. The first
is the harder, and the following ones will be fast and easy.You can
share your false positives and we will try help.But the good method is
first to know the order of
execution:h...
Hi MuriPersonally for content filter I always left it to default values
as I see they are just fine.Most (99%) of the FortiMail parameters are
good when they are left to default values. They are tuned to most use
cases.