Description This article describes the behavior of SNAT when VIP is
configured (no port forwarding). Scope FortiGate. Solution There are two
options for FortiGate to perform SNAT configurable in the firewall
policy. Use Outgoing Interface Address. Us...
Description This article describes why FSSO user do not match firewall
policy even though the connector is UP. Here you can see 50+
Users/groups have been populated and used in the firewall policy. FSSO
CA Connector Status Below is the firewall polic...
Description This article discusses the scenario when users do not match
the firewall policy that has active authentication. Scope Active
authentication means that users are prompted to manually enter their
credentials before being granted access. Whe...
Description This article describes the need to enable deep-inspection to
see the bytes received in the web filter traffic logs. Scope FortiProxy
web filter log. Solution To see the bytes received for the web filter
traffic logs, it will be necessary ...
Description This article describes why FortiGate is forwarding DNS
queries for blocking or banning domains to the DNS servers. Scope
FortiGate DNS. Solution There are instances that the FortiGate is
sending DNS queries to the configured DNS servers f...
Hi, Verify first the SN matches what you have in the portal. If that
good, try the following KB if it helps.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-The-license-still-shows-as-expired-after-renewal/ta-p/256101
It will instruct the F...
Hi @MeoDub , If you looking for UDP/4500 for IPSec it would be IKE
service. The IKE service includes UDP/500 UDP/4500. How exactly the
connection would be? Is the traffic initiated from internal to external?
regards,
Hi @networm , I believe mac address base policy is what you are looking
for. Try checking the following link guide.
http://docs.fortinet.com/document/fortigate/7.2.7/administration-guide/407159
best regards,