Description This article describes how to configure an SSL VPN web portal in web mode and predefine a bookmark with Single Sign-On. Scope FortiGate. Solution In FortiGate SSL VPN Web Mode integrated with Active Directory Authentication, the user establishes the SSL VPN tunnel via a web browser, then uses the same Active Directory credentials to …
FortiGate
Description This article describes the way videos are filtered based on the default action value in video channel override configuration. Scope FortiGate version 7.0+. Solution To understand how Video filtering is: FortiGate / FortiOS 7.0.0 > New Features > Video Filtering Unlike web filters, channels/categories are allowed or blocked based on the default action …
Description This article describes that when an attempt is made to add an entry under ‘Authentication/Portal Mapping’ for SSL VPN clients, the following error is thrown: Scope FortiGate 7.0, 7.2. Solution FortiGate will throw this error if there was a policy configured with the destination address as ‘ALL’ and the source address as any ‘user/user group’ …
Description This article describes how to forward multicast traffic from one managed FortiAP to another managed FortiAP in tunnel mode. Scope FortiGate managing 2 FortiAPs. The FortiAPs have SSID: ‘tunnel’ in Tunnel mode with PC1: 10.233.0.3 connected to FAP1 and PC2: 10.233.0.4 connected to FAP2. PC1 is generating multicast traffic (10.233.0.3 –> 234.5.6.7) and PC2 …
Description This article describes how to configure Google secure LDAPS in FortiGate using certificate authentication. Scope FortiGate 7.2.0+. Google Suite supported plans: Business Plus; Enterprise; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus. Solution Some LDAP servers require a client certificate to perform peer verification instead of password authentication. Google LDAPS is one …
Problem Description This article describes how to troubleshoot IPSec error: 22: Invalid argument. Scope FortiGate Solution Step 1: IPSec Tunnel is configured between FG-A and FG-B with the following Phase2 selector setting: FG-A: [IPSec_local] IPSec_local_subnet_1: 10.251.0.0/20 IPSec_local_subnet_2: 10.251.0.0/24 [IPSec_remote] IPSec_remote_subnet_1: 10.120.0.0/20 FG-B: [IPSec_local] IPSec_local_subnet_1: 10.120.0.0/20 [IPSec_remote] IPSec_remote_subnet_1: 10.251.0.0/20 IPSec_remote_subnet_2: 10.251.0.0/24 Step 2: IPSec phase2 is …
Problem Description This article describes how to fix an issue where SSH connectivity from FortiSIEM to FortiGate does not function. Scope Applies to FortiSIEM version 6.6.0 and any other versions that receive the ‘Host key verification failed’ error when testing SSH connectivity to a FortiGate device. Solution During an attempt to configure SSH on FortiGate, …
Problem Description This article describes how to enable the multicast policy in the GUI. Scope FortiGate 6.4, 7.0, and 7.2. Solution To enable the multicast policy in the GUI, go to System > Feature Visibility and enable the multicast policy setting: To view the multicast policy and config, go to Policy & Objects > Multicast Policy.
Problem Description This article explains how to solve an issue where restoration of configuration fails. Scope FortiGate, FortiOS 6.2.x. Solution This issue commonly occurs with small-scale FortiGate models such as the 30, 40, and 50 Series due to their limited capacity. When restoring the configuration from the GUI, the following warning may appear: To work …
Problem Description This article describes how to load balance TCP sessions between real servers (a real server can be a web server, mail server, etc.), how to get details of the real servers, and how to perform basic troubleshooting using some debugging commands. Load balancing on FortiGate supports HTTP, HTTPS, IMAPS, POP3S, SMTPS, …
Problem Description This article describes how to enable logging for one-arm filter traffic. Scope FortiGate. Solution Basically, one-arm sniffer mode examines and logs packets based on the configured IPS sensor and application control list. So, if the UTM features are not enabled on the one-arm sniffer interface, it will not log anything …
Problem Description This article describes how to synchronize and verify IPSec tunnel with FGSP. Scope FortiGate v7.0, FortiOS 7.2. Solution Scenario: In this scenario, there are 2 FortiGates: ‘FGT-1’ acting as the primary. ‘FGT-2’ acting as a backup and a remote VPN gateway.

        REMOTE VPN GATEWAY
           10.100.100.3
                |
                |
                |
                |
 10.100.100.1   |   10.100.100.2
     FGT-1-------------FGT-2
 192.168.1.1         192.168.1.2 …
This article describes a case where credentials tested from FortiGate succeed but the same credentials fail in actual SSL VPN log-in. The credentials for a test user with username ‘testvpn’ and password ‘azbyc’ (already configured at the LDAP’s AD) show authentication succeeded when tested from the FortiGate as follows: FW-1 # dia test authserver ldap MyLdap testvpn azbyc …
This article describes how backing up logs in plaintext format avoids LZ4 decompression. By default, if the logs are backed up to the FTP server, logs will be encrypted. # execute backup disk alllogs ftp <IP_address> <username> <password> # execute backup disk log ftp <IP_address> <username> <password> <log_type> If it is necessary to upload the logs …
This article describes how to block Anydesk traffic using ISDB when UTM is not configured. Scope FortiGate. Solution Step 1: Go to Policy & Objects and select Create New. Step 2: Destination -> Internet Service -> filter the name anydesk and select Anydesk-Anydesk. Step 3: Configure other fields and select OK. Step …