Description This article describes that it is not possible to connect
via SSL VPN when a Require Client Certificate is enabled. Scope
FortiGate v6.X and v7.X. Solution After enabling Require Client
Certificate for SSL VPN settings: Verify that the Us...
Description This article describes how to use a FortiToken to perform
two-factor authentication for an SSL-VPN radius user. Scope FortiGate
6.X and 7.X. Solution Configure the Radius Server: Configure the Remote
Radius User and enable FortiToken two-...
Description This article describes the case of FortiAnalyzer
connectivity with FortiGate using SD-WAN. Scope FortiGate v6.X and v7.X.
Solution Use the CLI and configure the FortiAnalyzer log settings. Use
the 'interface-select-method' SD-WAN. Test th...
Description This article describes how to configure split tunnel for SSL
VPN using address override Scope FortiGate 6.X and 7.X Solution
Configure the SSL VPN user group. Configure SSL VPN Settings Configure
the allowed subnet for the SSL VPN users. ...
Description This article explains how to configure an automation stitch
to provide email alerts when IPSec tunnel dead peer detection fails.
Scope FortiGate 6.X and 7.X. Solution Configure the Automation stitch
under Security Fabric -> Automation -> ...
set honor-df disable FortiGate to ignore the 'do not defragment' portion
of a packet. if user is trying to use an MTU bigger than Firewall
interface MTU without fragmentation , the packets are still allowed
https://community.fortinet.com/t5/FortiGate...
Try increasing default TTL value on Firewall
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Default-session-timeout-value-session-ttl/ta-p/194357
It depends on your requirements. It could be beneficial while your ISP
link goes down. You can configure automation script to send an email for
quick response