Description This article explains that as of v7.4.2, FortiGate can use
TCP as the transport protocol for IKE traffic in cases where the phase1
tunnel fails to establish using UDP. Scope FortiGate v7.4.2 or above.
Solution Create an IPsec tunnel on bo...
Description This article describes that starting from v7.4.2, a
proprietary solution to support the encapsulation of Encapsulating
Security Payload (ESP) packets within Transmission Control Protocol
(TCP) headers has been introduced. It allows ESP pa...
Description This article describes how the FortiGate behaves when the
BGP 'bestpath-med-missing-as-worst' is enabled. Scope FortiGate v7.0 and
above. Solution Consider the following network diagram and its setup:
FortiGate receives route advertisemen...
Description This article describes how to tag an untagged packet with
FortiGate in transparent mode in a Single or Multi-VDOM environment.
Scope FortiGate v7.X. Solution This article assumes the network
infrastructure in the following diagram is in p...
Description This article describes how to allow the magic packet in the
ForitGate. The user uses the 'WakeMeOnLan' application to send the magic
packet over SSL VPN. Scope FortiGate v7.4, v7.2 and v7.0, Solution
Create a firewall policy that will all...
I suggest running the sslvpn debug in the FortiGate while you connect to
the VPN to check why the connection fails. diag debug resetdiag vpn ssl
debug-filter src-addr4 diag deb app sslvpn -1diag deb
console timestamp enablediag deb enableTo troublesh...
Hello Hassan, I suggest running a debug flow and verify if the packets
are allowed/blocked by the FortiGate: diag debug flow filter clear diag
debug flow filter addr 172.30.1.138 anddiag debug flow filter
proto 1 diag debug flow trace start 100diag ...
I suggest running a debug flow and a packet sniffer to verify if the
traffic is hitting your PBR rule, also make sure to turn off the
offloading at the policy level to see them when you're
debugging:https://community.fortinet.com/t5/FortiGate/Trouble...
Hello Spike, It seems you're checking this log from the Application
Control log view, in which the mac address would not appear. Did you try
to check it from the Forward traffic logs? If you still don't see the
MAC address from the Forward traffic lo...