I just ran into this: We have a Windows DHCP that has a scope for a
vlan.the vlan interface on the FGT100E is set to do dhcp relaying to
this Windows DHCP.the Windows DHCP also has dhcp option 138 set for all
scopes it has.If I now connect a client t...
I did the following: - upgraded FMG to 7.0.11 while the FGT still were
on 7.0.13 => everything still worked fine afterwards- upgraded the FGT
to 7.0.14 during the next night (scheduled) => since then FGT keep
losing the connection to FMG when I deplo...
We just ran into this: today our FortiMail states it has no antispam and
virus outbreak license.It did have one because it also states the last
update of the antispam definitions was on 2024-02-06 and it cannot do
that without vallid license. If I lo...
We just ran into this issue and I just wanted to warn you to not do so
too: if you rename global address objects in FMG you can only do that
via script (TAC said this).If you assign this to an adom afterwards it
will be correctly assigned.You will ha...
I keep encountering this behavior: all of a sudden on some clients https
websites stop working.every time this starts the only thing noticable on
the FGT is that the memory usage is >=60%. Mostly around 63-65%. It
however does not reach the threshold...
I think there is a misunderstanding hiere: - FortiClient does not
communicate with the radius. It just does xauth with the FGT. If the
user is a radius user or member of a radius user group that is in the
VPNs xauth section the FGt will communicate w...
There is two caveats: if a S2S VPN on Fortigate Side has a ddns fqdn as
remote gateway and you disable the automatic establishing of the vpn on
this side (phase1 auto negotiation) the FGT's IPSec will no longer
update the remote gw causing the VPN to...
it narrowed down to be an issue that only (at least on our side) affects
the FGT100 Series. The issue never ever occured on FGT60 or FGT300 we
also have.Also the FMG Developer team has narrowed that down to be an
issue on the FGT side (it is because ...
We found the culprit now: The Windows DHCP Server did have the option
138 configured. It also did have the correct address in there. However
the data format was wrong. So Option 138 was submitted as text and not
ip address. This resulted in 12 bytes ...
in the DHCP ACK returned from the FGT to the client there is no option
138 at all.In the pcap from the interface the DHCP Server is in on FGT
there is option 138 but with more ips that look similar to what FortiNet
uses as system DNS since FOS 7.0. O...