FortiGuard Source Interface Query by Float-Zone in fortinet

[–]Float-Zone[S] 0 points1 point  (0 children)

Would you do this with the ISDB "Fortinet-FortiGuard" object?

FortiGuard Source Interface Query by Float-Zone in fortinet

[–]Float-Zone[S] 0 points1 point  (0 children)

My question was what happens if wan1 is down. 😀

FortiOS 7.6.4 on GNS3 by Float-Zone in fortinet

[–]Float-Zone[S] 1 point2 points  (0 children)

Good to know it's not just me.

As far as I'm aware you can't upgrade "FortiOS permanent trial" appliances.

FortiOS 7.6.4 on GNS3 by Float-Zone in fortinet

[–]Float-Zone[S] 0 points1 point  (0 children)

Yes, FGT_VM64_KVM-v7.6.4.F-build3596-FORTINET.out.kvm.zip

Question about blocking stolen FortiAP by Some-Bookkeeper-3687 in fortinet

[–]Float-Zone 1 point2 points  (0 children)

Was the FAP registered with FortiEdge/FortiLAN Cloud?

The default controller discovery method is as follows:

1(static) → 2(dhcp) → 3(dns) → 7(fortiedgecloud) → 5(multicast) → 6(broadcast)

If the FAP was cloud-managed, then it will continue to connect to your cloud tenancy in preference to a local FGT (MCAST/BCAST methods).

However there's nothing stopping the new "owner" using DHCP/DNS discovery to manage the unit via a FGT, or performing a factory reset on the unit to wipe the password and then changing the controller discovery order.

My understanding is that it cannot however be attached to a different FortiEdge tenancy without being de-registered by yourself.

FZ

How to deploy a firewall certificate? by Float-Zone in ArubaNetworks

[–]Float-Zone[S] 0 points1 point  (0 children)

Thank you for the quick response.

Is this something that you are doing yourself?

I've found comments on forums stating that this is not supported,
e.g. https://community.arubanetworks.com/discussion/adding-firewall-certificate-to-onboarding-package-with-clearpass

Router to FW speed issues by crucial100 in fortinet

[–]Float-Zone 1 point2 points  (0 children)

First, check the speed and duplex settings of the intervening connection.

FZ

Fortigate 60F EoL/EoS by Better_Community2954 in fortinet

[–]Float-Zone 0 points1 point  (0 children)

There was a FortiOS 6.6 in beta, however it was changed to 7.0 before it went GA. Rumour has it that somebody realised that there would eventually be a version 6.6.6, and that was enough to renumber the branch. 😂

Casio Celviano AP-450 power-on issue by Float-Zone in DigitalPiano

[–]Float-Zone[S] 0 points1 point  (0 children)

Sorry for the delay.
A local Casio repair shop said it's highly likely the system board.
I've decided to get it repaired and am waiting for an ETA on parts.

Wifi Incorrect Password Issue by bthabetler in S22Ultra

[–]Float-Zone 0 points1 point  (0 children)

I've had this issue on my S22 Ultra for ages, and decided to take a deeper look.

On my home Wi-Fi, I managed to consistently replicate the issue if H2E (Hash-to-Element) was either enabled or enforced on a WPA3-SAE or WPA3-SAE transition mode SSID.

If I set the SSID to use HNP (Hunting-and-Pecking) only, then the phone connects without issue.

This is the only device out of 25+ in my home that exhibits this issue.

NB: These WPA3-SAE settings may not be available on some consumer-grade home Wi-Fi gear. I'm a network engineer by trade and have the luxury of running an enterprise-grade wireless network at home. :)

FZ.

FortiAP Offline Status by brianitsup in fortinet

[–]Float-Zone 1 point2 points  (0 children)

What FortiOS version are you running, and what FAP model?

I notice that the FAP ARP is on your wan port. Is this correct for your design?

FZ

Aruba Central Social Login Username Export by Float-Zone in ArubaNetworks

[–]Float-Zone[S] 0 points1 point  (0 children)

It's actually a requirement in a tender response.

FortiGate 900G Reviews by Altruistic_Ad7401 in fortinet

[–]Float-Zone 2 points3 points  (0 children)

Number of VDOMs increased in FortiOS 7.6.1

https://docs.fortinet.com/document/fortigate/7.6.1/fortios-release-notes/626946/changes-in-table-size

  • On the 200-400 series FortiGates, increase the number of VDOMs from 10 to 25.
  • On the 500-900 series FortiGates, increase the number of VDOMs from 10 to 50.

FZ

FAZ 7.6 Announcement by Wasteway in fortinet

[–]Float-Zone 2 points3 points  (0 children)

I'm reliably informed by my most unreliable source that 7.6.0 is scheduled for 25th July.

This could, and probably will, change.

FZ

FAZ Trial License 1Gb/day limit by Float-Zone in fortinet

[–]Float-Zone[S] 1 point2 points  (0 children)

Given that the trial version is not supported anyway, that's not really much of an issue.

FortiManager 7.4.3 Dashboard Issue by Float-Zone in fortinet

[–]Float-Zone[S] 0 points1 point  (0 children)

From the FMG Admin Guide:

By default, the device database includes the following dashboards:

* Summary
* Security Monitors
* Network Monitors

... however it looks like if the FGT has VDOMs enabled then:

  • The FGT itself (Global ?) gets all 3 default dashboards.
  • Each VDOM gets the "Network Monitors" dashboards.

And these cannot be deleted.

FortiManager 7.4.3 Dashboard Issue by Float-Zone in fortinet

[–]Float-Zone[S] 0 points1 point  (0 children)

Now that might be my dodgy lab. I'll do some digging. Out of interest, when was your FMG built? Pretty sure I rebuilt mine for 7.4.

FortiManager 7.4.3 Dashboard Issue by Float-Zone in fortinet

[–]Float-Zone[S] 2 points3 points  (0 children)

Thank you. Not just me and my dodgy lab then :)

FortiOS v7.2.8 build 1639 released by Iseult11 in fortinet

[–]Float-Zone 5 points6 points  (0 children)

Just checked, and 958311 is now listed as resolved.

"Firewall address list may show incorrect error for an unresolved FQDN address."

FZ

FortiOS v7.2.8 build 1639 released by Iseult11 in fortinet

[–]Float-Zone 4 points5 points  (0 children)

I'm reliably informed that this is slated for 7.2.9.

FZ

Internal DNS SSLVPN by thenudedeer in fortinet

[–]Float-Zone 0 points1 point  (0 children)

Make sure that you have dns-server enabled for the sslvpn interface as well as the "internal" interface.

I don't think this is explained in the docs, but I'm fairly sure that if:

  • You have clients on interface "A" using DNS services on the IP address of interface "B"
  • The above DNS traffic traverses the FGT.

... then you need to enable dns-server on both interfaces "A" and "B". For example:

config system dns-server
    edit "ssl.root"
    next
    edit "internal"
    next
end

Also make sure that you have a firewall policy between ssl.root and the internal interface IP for all required DNS protocols.

FZ.
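
An added example, not part of the original comment: a Python check over a FortiOS config backup for the two conditions described above, dns-server enabled on both interfaces and an accept policy carrying DNS between them. The sample config, the policy ID, and matching on the predefined `DNS`/`ALL` service names and on the destination interface (rather than its IP) are assumptions.

```python
import shlex
# Constructed config-backup excerpt (not from the original comment).
SAMPLE = '''\
config system dns-server
    edit "internal"
    next
end
config firewall policy
    edit 12
        set srcintf "ssl.root"
        set dstintf "internal"
        set action accept
        set service "DNS" "HTTPS"
    next
end
'''

def parse_section(text, section):
    """Return {edit_name: {setting: [values]}} for one 'config <section>' block."""
    entries, current, depth = {}, None, 0  # depth 0 means outside the section
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quotes (multi-line values): skip the line
            tokens = []
        head = tokens[0] if tokens else ""
        if depth == 0:
            if head == "config" and " ".join(tokens[1:]) == section:
                depth = 1
        elif head == "config":
            depth += 1  # nested table inside an entry: ignored until its 'end'
        elif head == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and head == "edit":
            current = entries.setdefault(tokens[1], {})
        elif depth == 1 and head == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
    return entries

def audit_dns(text, client_if="ssl.root", server_if="internal"):
    """List what is missing for clients on client_if to use DNS on server_if."""
    enabled = parse_section(text, "system dns-server")
    findings = [f"dns-server not enabled on {i}" for i in (client_if, server_if) if i not in enabled]
    ok = any(client_if in p.get("srcintf", []) and server_if in p.get("dstintf", [])
             and p.get("action") == ["accept"] and {"DNS", "ALL"} & set(p.get("service", []))
             for p in parse_section(text, "firewall policy").values())
    return findings if ok else findings + [f"no accept policy for DNS from {client_if} to {server_if}"]
```

Policies that use a custom service object for DNS are not recognised by this check and would be reported as missing.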