I just ran into this: We have a Windows DHCP that has a scope for a
vlan.the vlan interface on the FGT100E is set to do dhcp relaying to
this Windows DHCP.the Windows DHCP also has dhcp option 138 set for all
scopes it has.If I now connect a client t...
I did the following: - upgraded FMG to 7.0.11 while the FGT still were
on 7.0.13 => everything still worked fine afterwards- upgraded the FGT
to 7.0.14 during the next night (scheduled) => since then FGT keep
losing the connection to FMG when I deplo...
We just ran into this: today our FortiMail states it has no antispam and
virus outbreak license.It did have one because it also states the last
update of the antispam definitions was on 2024-02-06 and it cannot do
that without vallid license. If I lo...
We just ran into this issue and I just wanted to warn you to not do so
too: if you rename global address objects in FMG you can only do that
via script (TAC said this).If you assign this to an adom afterwards it
will be correctly assigned.You will ha...
I keep encountering this behavior: all of a sudden on some clients https
websites stop working.every time this starts the only thing noticable on
the FGT is that the memory usage is >=60%. Mostly around 63-65%. It
however does not reach the threshold...
either do not enable it on policies for the FMG<->FGT connection or make
sure that all FGT have the issuer ca you use for deep inspection so they
can still verify FMG's certificate.
there is an issue with ddns and s2s ipsec: when you disabled p1
autonegotiation on the non-ddns-side it will no longer update the remote
gw so the vpn will no longer come up.
you could do packet capturing on the client (or the interface of the
FGT) and filter that by dhcp to see wether the client gets answers from
your relay or not.
got the new interim FOS build yesterday and it finally seems to have
broought us to the right path. This build finally outputted an
additional message saying that the FMG certificate could not be
re-verfified by the fgt because of the issuer. And tha...
of course Fortinet suggest their own app :)This does not mean that there
is no alternatives. However I never tried.Vice versa the FortiToken App
does not only support FortiTokens. I also added 2FA from e.g. Cloudflare
and some others to it and it wor...