Skip to Content

Description This article describes how to configure SSL VPN web portal in web mode and predefines a bookmark with Single Sign-On. Scope FortiGate. Solution In FortiGate SSL VPN Web Mode integrated with Active Directory Authentication, the user established the SSL VPN tunnel via Web browser, then the user uses the same Active Directory credentials to …

Read More about Solved: How do I configure SSL VPN bookmark with Single Sign-On?

Description This article describes the way videos are filtered based on the default action value in video channel override configuration. Scope FortiGate version 7.0+. Solution To understand how Video filtering is: FortiGate / FortiOS 7.0.0 > New Features > Video Filtering Unlike web filters, channels /categories are allowed or blocked based on the default action …

Read More about Solved: How do I configure action based on default value under Channel override in Video filter?

Description This article describes that when an entry is tried to be added under ‘Authentication/Portal Mapping’ for SSL VPN clients, it throws the following error: Scope FortiGate 7.0, 7.2. Solution FortiGate will throw this error if there was a policy configured with the destination address as ‘ALL’ and the source address as any ‘user/user group’ …

Read More about Solved: How do I fix unable to add entry under ‘Authentication/Portal Mapping’ for SSL VPN Settings on GUI?

Description This article describes how to forward Multicast traffic from one managed FortiAP to another managed FortiAP in tunnel mode. Scope FortiGate managing 2 FortiAPs. The FortiAPs have SSID: ‘tunnel’ in Tunnel mode with PC1: 10.233.0.3 connected to FAP1 and PC2: 10.233.0.4 connected to FAP2. PC1 is generating MultiCast traffic (10.233.0.3 –> 234.5.6.7) and PC2 …

Read More about Solved: How do I forward Multicast traffic from one managed FortiAP to another managed FortiAP in tunnel mode?

Description This article describes how to configure Google secure LDAPS in FortiGate using certificate authentication Scope FortiGate7.2.0+. Google Suite supported plans: Business Plus; Enterprise; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus. Solution Some LDAP servers require a client certificate to perform peer verification instead of password authentication. Google LDAPS is one …

Read More about Solved: How do I configure Google Suite LDAP integration with FortiGate using LDAPS with certificate authentication?

Problem Description This article describes how to troubleshoot IPSec error: 22: Invalid argument. Scope FortiGate Solution Step 1: IPSec Tunnel is configured between FG-A and FG-B with the following Phase2 selector setting: FG-A: [IPSec_local] IPSec_local_subnet_1: 10.251.0.0/20 IPSec_local_subnet_2: 10.251.0.0/24 [IPSec_remote] IPSec_remote_subnet_1: 10.120.0.0/20 FG-B: [IPSec_local] IPSec_local_subnet_1: 10.120.0.0/20 [IPSec_remote] IPSec_remote_subnet_1: 10.251.0.0/20 IPSec_remote_subnet_2: 10.251.0.0/24 Step 2: IPSec phase2 is …

Read More about Solved: How do I fix IPSec error: 22: Invalid argument?

Problem Description This article describes how to fix an issue where SSH connectivity from FortiSIEM to FortiGate does not function. Scope Applies to FortiSIEM version 6.6.0 and any other versions that receive the ‘Host key verification failed’ error when testing SSH connectivity to a FortiGate device. Solution During an attempt to configure SSH on FortiGate, …

Read More about Solved: How do I fix “failed (Host key verification failed)” error occurs when testing FortiSIEM-FortiGate connectivity with SSH credentials?

Problem Description This article explains how to solve an issue where restoration of configuration fails. Scope FortiGate, FortiOS 6.2.x. Solution This issue commonly occurs with small-scale FortiGate models such as the 30, 40, and 50 Series due to their limited capacity. When restoring the configuration from the GUI, the following warning may appear: To work …

Read More about Solved: How do I fix unable to restore configuration with error “failed to restore system configuration”?

Problem Description This article describes how to load balance the TCP sessions between the real servers (a real server can be a web server, mail server and etc), how to get details of the real servers and perform basic troubleshooting using some debugging commands. The load balance on FortiGate supports HTTP, HTTPS, IMAPS, POP3S, SMTPS, …

Read More about Solved: How do I load balance the TCP traffic between the real servers behind the FortiGate?

Problem Description This article describes how to synchronize and verify IPSec tunnel with FGSP. Scope FortiGate v7.0, FortiOS 7.2. Solution Scenario: In this scenario, there are 2 FortiGates: ‘FGT-1’ acting as the primary. ‘FGT-2’ acting as a backup and a remote VPN gateway. …….REMOTE VPN GATEWAY ……………10.100.100.3 …………………….| …………………….| …………………….| …………………….| 10.100.100.1…..|…. 10.100.100.2 ….FGT-1————–FGT-2 192.168.1.1…………….192.168.1.2 …

Read More about Solved: How do I sync IPSec VPNs with FGSP?

This article descricbes that credentials from FortiGate succeed but the same credential fails in actual SSL VPN log-in. The credentials for a test user with username ‘testvpn’ and password ‘azbyc’ (already configured at the LDAP’s AD) shows authentication succeeded when done from the FortiGate as follows: FW-1 # dia test authserver ldap MyLdap testvpn azbyc …

Read More about Solved: How do I fix SSL VPN with LDAP user authentication credential check passes in FortiGate but fails while logging in?

This article describes that backup logs in plaintext format avoid LZ4 decompression. By default, if the logs are backed up to the FTP server, logs will be encrypted. # execute backup disk alllogs ftp <IP_address> <username> <password> # execute backup disk log ftp <IP_address> <username> <password> <log_type> If it is necessary to upload the logs …

Read More about Solved: How do I backup logs in plaintext format avoid performing LZ4 decompression?
Ads Blocker Image Powered by Code Help Pro

Your Support Matters...

We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.