Description This article describes the Micro SD card feature on the
FortiGate FGR-70F series. Scope FortiGate 70F. Solution The
FortiGateRugged 70F series added Micro SD support as a storage media
solution of local disk logging. The maximum card size...
Description This article describes how to fix if the Ookla speed test is
not running on devices behind FortiGate. Scope FortiGate v7.0+. Solution
If the speed test by Ookla is running on site https://www.speedtest.net/
and just says 'connecting', it ...
Description This article describes how to troubleshoot if the DHCP
clients are going to a different DNS server than the one configured in
the System DNS of FortiGate. Scope FortiGate v7.0+ Solution Check if
there is a specific DNS server configured i...
Description This article describes how to delete an IPSec tunnel created
under the SD-WAN zone. Scope FortiGate v7.0+. Solution When deleting all
the references from the IP Sec tunnel, one reference for the SD-WAN
interface is left that has the delet...
Description This article describes the issue where the SSL VPN is not
working on a loopback interface in an SD-WAN environment. Scope
FortiGate 7.0+ Solution If SSL VPN is set up on a different loopback
interface for multiple WAN interfaces in an SD-...
Hello @heyyo Here is a nice guide for resolving HA cluster out of sync.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-HA-synchronization-issue/ta-p/193422
You can check which configuration objects are out of sync...
Hello @unknown1020 Also check Dead Peer Detection setting on both sides.
Make sure it is set to 'On Demand'
https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-IPsec-VPN/ta-p/192616
Regards, Varun
Hi @siayred Can you run this command to confirm if packet seen on
fortigate is coming from same subnet : diag sniffer packet any "host
and host " 4 0 l The other side may be SNAT the
traffic
Hello @KMontgomery , Please check if the Phase 1 and Phase 2 timers are
matching on both sides of the tunnel. You can also try recreating the
tunnel to see if that helps with issue. Can you also share the rekey
error that you see? Also did you perfor...
@mbenitez Just to add one clarification, Fortigate will block traffic
originating from outside (WAN) to LAN unless you specifically create a
Firewall Policy to allow it. However if the traffic is initiated from
LAN-> WAN, the reply to the traffic fro...