This article describes why FortiAuthenticator Agent for Microsoft Windows does not display any domain. Under Two Factor Authentication > Configure, no domain is seen. Even though the Windows 10 client machine is added to the domain, FortiAuthenticator Agent for Windows does not display any domain. The reason is that the FortiAuthenticator Windows Agent is installed using a local account, instead …
FortiGate
This article describes how to refresh/clear the wad user/group cache on FortiProxy version 7.0.x. wad maintains its own cache for user and group information. In firmware version 7.0.x, the old command to refresh/clear the wad user/group cache doesn’t exist. Step 1: Clear the existing user cache using the below CLI commands: # diagnose wad user …
This article describes how to block Aadhaar and PAN numbers using regular expressions. Aadhaar is a 12-digit number whose first digit is neither 0 nor 1. It contains white space after every 4 digits and contains no alphabetic characters. The below regular expression can be used to identify Aadhaar: ^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$ <-- (^ Start of string, $ …
This describes what SNMP heartbeat (HB) Alerts are and where they would be visible on the network instance. What are SNMP Heartbeat Alerts? SNMP Heartbeat Alerts are specific to instances, and these alerts will only be generated for a specific instance when ALL the SNMP metrics stop reporting. Facts about SNMP Heartbeat Alerts. These alerts …
This issue occurs when the license has been renewed but the renewal is still not reflected even after the expiry date has passed. This article describes how to fix this issue. Make sure to allow the traffic towards usfds1.fortinet.com on TCP port 443. Also note that the respective traffic should not be deep inspected because FortiGuard servers must …
This article describes that the FortiManager firmware can hang for more than 10 minutes after an upgrade. Basically, when the FortiManager is upgraded, it will take around 5 minutes to reboot the GUI. Step 1: If the GUI hangs, check from the CLI and ping the IP of the FortiManager. Step 2: If the ping succeeds and …
This article describes how to rebuild the FFDB database in case of error ‘ffdb_err_msg_print: ret=-4, Error: kernel error’. – Kernel error ‘ffdb_err_msg_print: ret=-4, Error: kernel error’ is observed on the FortiGate when there is an issue with the FFDB files. This can be verified using the below command: # diagnose debug config-error-log read – It is …
This article describes how to use FortiManager as a local FDS and the configuration needed on FortiGate. Step 1: After enabling service access for FortiGate Updates and Web Filtering on the FortiManager interface, there is an option to Bind to IP Address. Step 2: If Bind to IP Address is 0.0.0.0/0.0.0.0 (default value), the interface IP will be used …
This article describes how to check the BGP traffic flow in the debugs of the FortiGate. The following checks whether the packets have been correctly blocked or allowed by the expected firewall policy or other features. To check and investigate whether BGP traffic can be allowed by firewall policy ID or hit the correct function …
This article describes the procedure to check OSPF (Open Shortest Path First) sessions in FortiGate to investigate further. To investigate OSPF sessions on a FortiGate unit, run the following CLI commands. # diagnose sys session list | grep proto=89 -A 15 Example: # diagnose sys session …
This document describes steps to troubleshoot when clients are not getting an IP address from a bridged SSID. Check if DHCP is enabled on the VLAN interface that is configured as the bridge SSID. If yes, run the following sniffer command: # diag sniffer packet <interfacename> 'port 67 or port 68' 4 0 l In …
This article describes disabling logging on a particular firewall policy. The option to disable the logging for a particular firewall policy is only found in the CLI. Let’s consider that the policy ID to edit is 11: # config firewall policy edit 11 set logtraffic disable end
Question: After connecting to the FortiGate firewall, the Firefox browser shows the SSL_ERROR_RX_RECORD_TOO_LONG error. The detailed error message is as below: Problem loading page Secure Connection Failed An error occurred during a connection to {x.x.x.x} SSL received a record that exceeded the maximum permissible length error code : SSL_ERROR_RX_RECORD_TOO_LONG The page you are trying to view cannot …
Problem: This article outlines the detailed steps for how to configure FortiGate port forwarding for RDP. The process is: (1) Set up a Virtual IP (with port forward enabled); (2) Create a Virtual IP Group; (3) Allow traffic to the Virtual IP Group.