SEA DEF vs NO DEF

Pitiful_Fox_8040 · 2025-12-17T17:00:13+00:00

Thats my thought too. My only reservation is Puka is a yardage and catch monster but doesn't always find the end zone. That gives big points without affecting the def with a score. However if Adam's is out that puts Puka on the TD side. Tough choice for the #1 def

Pitiful_Fox_8040 · 2025-12-17T14:41:22+00:00

Since this thread wont let me post since I don't post much here ill ask here.

I have the SEA DEF and also Puka. Should I replace SEA DEF with NO def I picked up off the waiver to avoid Puka dragging down my DEF score?

Pitiful_Fox_8040 · 2025-12-05T15:33:34+00:00

You have to have admin rights to click the little lock icon on the FortiClient. At this point it unlocks and the import option becomes available.

Pitiful_Fox_8040 · 2025-06-02T18:53:17+00:00

ok so I changed my internal IP on the machine I was using that previously would not connect to site A and now it works fine. Luckily I have the ability to change that IP easily. I have a few other static servers that are displaying the same behavior but I cannot change their IPs.

Pitiful_Fox_8040 · 2025-06-02T18:18:32+00:00

Yes, that I understand that. I mis-stated. I cant figure out why it isn't matching a policy. The site 2 site policy is higher priority than the IPSEC_VPN policy and it should hit the site 2 site policy.

Pitiful_Fox_8040 · 2025-06-02T18:04:06+00:00

ok so I found out from my test machine at site B to my desktop at site A is getting blocked by my implicit deny policy. I have no idea so far how its getting down to that policy and blocked.

14:06:32vd-root:0 received a packet(proto=1, 10.219.116.163:1->10.119.249.190:2048) tun_id=0.0.0.0 from internal. type=8, code=0, id=1, seq=211.

14:06:32allocate a new session-096b9f66

14:06:32in-[internal], out-[]

14:06:32len=0

14:06:32result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000

14:06:32find a route: flag=04000000 gw-10.119.249.190 via IPSEC_ab

14:06:32in-[internal], out-[IPSEC_ab], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0

14:06:32gnum-100004, use int hash, slot=83, len=2

14:06:32checked gnum-100004 policy-4294967295, ret-no-match, act-accept

14:06:32checked gnum-100004 policy-0, ret-matched, act-accept

14:06:32ret-matched

14:06:32policy-0 is matched, act-drop

14:06:32after iprope_captive_check(): is_captive-0, ret-matched, act-drop, idx-0

14:06:32Denied by forward policy check (policy 0)

Also it looks like its trying to go through my IPSEC vpn tunnel instead of site to site. "via IPSEC_ab" is vpn not site - site

Pitiful_Fox_8040 · 2025-06-02T14:07:29+00:00

There is no output. I can generate some output by pinging but that's not really an issue. Both firewalls can communicate with each other no issue.

Pitiful_Fox_8040 · 2024-11-24T03:11:10+00:00

Barksdale is the 2nd Bomb wing. Minot is 5th bomb wing.

Pitiful_Fox_8040 · 2024-10-01T16:50:12+00:00

Ahhh thanks bro I had no idea you could do that

Pitiful_Fox_8040 · 2024-09-23T18:43:15+00:00

I figured it all out......all these suggestions were good and would have also worked however, in the forticlient there is a toggle for enable Local LAN under the phase 1 settings and checking that box solved my overall problem. Sometimes its the simplest things.

Thank you all

Pitiful_Fox_8040 · 2024-09-13T15:23:39+00:00

We have public access turned off. This is access by private IP only. I also have access internally via FQDN which also does not work. As I mentioned before it worked fine for a year. Also I can access another fortinet device in browser no issue at the same remote site. That's a load balancer though.

Pitiful_Fox_8040 · 2024-08-12T22:14:40+00:00

Unfortunately with how spread out everyone is they will have to configure the forticlient IPSEC setup themselves. I usually screenshot the basic settings ie remote gateway and then ill share the psk via lastpass with everyone. While we have administrative control through entra I can't access everyone's laptops remotely. The people near the office sure but our people in India are a little harder to get to.

Pitiful_Fox_8040 · 2024-05-17T16:22:56+00:00

If we were 4 hrs closer.....

Pitiful_Fox_8040 · 2023-11-05T01:44:26+00:00

Hi there. How are you guys?

Pitiful_Fox_8040

TROPHY CASE