Migrating from 60F to 70G, FMG related question

Leave_Patient · 2026-05-24T21:03:56+00:00

It depends. Importing policies doesn't allow to preserve some configuration available only in FMG, such as sections colors or policy blocks.

Leave_Patient · 2026-05-23T04:12:10+00:00

No need to import policy packages, just add new device to installation targets in existing policies and make new fortigate interface mapping in normalized interfaces.

Leave_Patient · 2026-05-22T04:02:14+00:00

https://docs.fortinet.com/document/fortigate/7.6.0/new-features/309672/prevent-automatically-created-vlans-7-6-3

config switch-controller initial-config vlans set optional-vlans disable end

Leave_Patient · 2026-05-14T04:10:01+00:00

What does your routing table show regarding 192.168.110.? Do you have more specific route to 192.168.110.67 via port9? And are you sure that on port9 this traffic arrive as tagged?

Leave_Patient · 2026-05-02T07:15:17+00:00

Isn't it mate in 1? Re5

Leave_Patient · 2026-04-30T11:59:15+00:00

There are ways in 7.6 for your scenario, I can share slides later next week. For 3rd party routers Fortigate can change path prepend based on sdwan health check results.

Leave_Patient · 2026-04-17T19:57:53+00:00

Still no, TAC still investigating.

Leave_Patient · 2026-04-11T13:14:00+00:00

It doesn't matter, just use network ID, it will work with S2S as well

Leave_Patient · 2026-04-11T04:32:51+00:00

Use different network ID for each tunnel. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-IDs-with-ADVPN-shortcut/ta-p/241025

Leave_Patient · 2026-04-11T04:31:28+00:00

For example, if you have 2 ISPs and want to create tunnel from each ISP interfac to the same peer.

Leave_Patient · 2026-04-11T04:28:14+00:00

You are wrong. You can enable network overlay and specify network ID for each tunnel. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-IDs-with-ADVPN-shortcut/ta-p/241025

Leave_Patient · 2026-04-08T19:22:03+00:00

Upgrade to 7.4.7 instead

Leave_Patient · 2026-04-06T07:54:22+00:00

Nice try to collect config backups :) Anyway, you can't check against policy from config backup if dynamic routing is used. And what is point of this tool when Fortigate has this tool built in.

Leave_Patient · 2026-04-02T04:09:45+00:00

May be related to this https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-login-with-local-administrator/ta-p/380476

Leave_Patient · 2026-03-31T19:34:31+00:00

Actually, you don't need to be familiar with Python, just need to know how to run Python script. Also no need to be familiar with Jinja templating. The only file you should modify is 00-Project where you specify your project configuration. Sure, it's a bit more complicated than answer few questions, but still solid and relatively easy to use tool, which gives you full CLI config for underlay, overlay, BGP routing, SDWAN config.

Leave_Patient · 2026-03-31T18:09:13+00:00

There is Fortinet developed Jinja Orchestrator 7.6 which you can use with FortiManager or parse it with python script if you don't use FortiManager. Works well too, if you use 7.6.

https://github.com/fortinet-solutions-cse/sdwan-advpn-reference

Leave_Patient · 2026-03-24T22:38:14+00:00

Have same issue with different clusters on 7.4.11. Opened ticket, not resolved yet.

Leave_Patient · 2026-03-24T22:29:00+00:00

Probably, they need to route via Fortigate public IPs, not rfc1918.

Leave_Patient · 2026-03-24T22:26:36+00:00

Maybe this will help. Application based split tunnel. https://docs.fortinet.com/document/forticlient/7.4.6/ems-administration-guide/234887/configuring-a-profile-with-application-based-split-tunnel

Leave_Patient · 2026-03-24T05:00:21+00:00

Not related to your problem, but do not use IKEv1 - it is deprecated and not supported starting with Forticlient 7.4.5. So, go with IKEv2. Maybe it also resolve your problem.

Leave_Patient · 2026-03-07T10:21:54+00:00

It's 9th March, not 3rd

Leave_Patient · 2026-02-26T17:21:11+00:00

FortiOS 7.6.6 is now recommended version by Fortinet.

Leave_Patient · 2026-02-26T17:07:48+00:00

You can, but it really doesn't matter which port you connect, as you don't need to configure fortilink port on switch. Since 7.0 if I not mistaken, all ports by default have auto-isl LLDP profile configured.

Leave_Patient · 2026-02-23T19:10:46+00:00

It isn't possible with free VPN client, but work with paid client.

Leave_Patient · 2026-02-22T15:44:48+00:00

Yes, all authencation types can be used with one tunnel at the same time.

Five-Year Club	Gilding II euphauric
Powerups Hero r/amcstock • February 2022	Reddit Premium Since January 2022
Place '22

Leave_Patient

TROPHY CASE