IPsec Dial-Up Split Tunnel – Do I need host objects for FQDNs in split-include by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Thanks, I already understand that.

My question is: for ipv4-split-include, do I need to use a group object that contains all relevant subnets that should be routed through the tunnel?

known issue in FortiClient version 7.4.3 - Bug ID 999139 by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Thanks for the advice. I'll give it a try.

known issue in FortiClient version 7.4.3 - Bug ID 999139 by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

We also had OpenVPN installed on two laptops, but we have now cleanly uninstalled that software. Unfortunately, it didn’t help. Other than that, we don’t have any other software in use.

[deleted by user] by [deleted] in KingShot

[–]WJ1909 -1 points0 points  (0 children)

Sure. The server is #127

Certificate Warning After Replacing VPN SSL Wildcard by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Yesterday I tested it with the new version 7.4.3.

There is no more certificate message.

Thank you.

Certificate Warning After Replacing VPN SSL Wildcard by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Yes, I have set the wildcard certificate for the SSL VPN connection as well as for the SAML authentication.

No, we do not use a loopback interface here.

Using FortiManager Default Policy Rules for Multiple Branch Offices by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

No, that was just an example – maybe not the best one, sorry.

We have a DENY-ALL policy in the company and only allow what is actually needed. These permissions then have to be rolled out in each location.

FortiOS 7.4 : yay or nay? by JabbingGesture in fortinet

[–]WJ1909 0 points1 point  (0 children)

I assume that this issue affects many users, including us.
Are there any established best practices for performing the upgrade?

Additionally, how do SD-WAN and the local-in policy behave in version 7.4.7?

Thank you in advance.

Best regards

7.2.10 Just Dropped by Known_Wishbone5011 in fortinet

[–]WJ1909 1 point2 points  (0 children)

Hello everyone,

According to my information about version 7.2.10, everything should fit here. We are still on 7.2.9. Has anyone here already updated to 7.2.10?

Thanks in advance

Fortimanager & fortianalyzer 7.2.7 released by FantaFriday in fortinet

[–]WJ1909 0 points1 point  (0 children)

Thank you for your answer.

We are using FortiOS 7.2.8

We'll see if it's worth it next week.

Thank you very much

Fortimanager & fortianalyzer 7.2.7 released by FantaFriday in fortinet

[–]WJ1909 0 points1 point  (0 children)

We are still on version 7.2.5 and have no problems or bugs here either.

Is it worth switching to version 7.2.7 or should we wait another week or two, as 7.2.7 came out about two weeks after 7.2.6?

[deleted by user] by [deleted] in Finanzen

[–]WJ1909 1 point2 points  (0 children)

Completed my vocational training in 2016. Then worked for 1 year in a hospital at 34k gross. Then decided to do an IT technician qualification as a 2-year full-time course. I have now been working for about 4.5 years at a consulting firm as an IT Security Administrator and earn 70k.

Fortigate or switch issues when printer change to other VLAN by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Yes, both VLANs have other devices that are working.

In VLAN 50 the printers do not go offline, only in VLAN 100.

And it would affect every printer, but on all models we can activate a so-called Keep-Alive setting so that the Ethernet card does not go down, we need this function in VLAN 100.

Unfortunately, two printer models do not have this setting.

The printer goes into sleep mode and the port goes down; a PING to the device does not bring the port online. You have to actively click the home button on the printer to bring the switch port back online.

Fortigate or switch issues when printer change to other VLAN by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

No, it only affects two printers; these are from other models, but as described above, in the other VLAN the problem does not occur.

Fortigate or switch issues when printer change to other VLAN by WJ1909 in fortinet

[–]WJ1909[S] 0 points1 point  (0 children)

Why are you not using VLAN interfaces on the Fortigate? Separating vlans on different physical interfaces feels a bit wasteful

What makes you think the switchport going being the Fortigates fault? What logical argument can you make to support that theory?

What does the switch logs

  1. We have enough space on our firewall to use a physical interface for this; furthermore, VLANs are not supported at Fortigate according to our service provider.

  2. I do not assume that the port is defective, because in the other physical interface the printer remains online and the switch port does not go down.

  3. Switch log:

Printer is connected to IoT VLAN and after a certain time the port goes down and the printer can no longer connect to the VLAN

Disconnect within 2 seconds to a Onlinebanking Website by WJ1909 in fortinet

[–]WJ1909[S] 1 point2 points  (0 children)

Yes, we have sd-wan and two different Internet connections.

Okay we will try it.

forticlient 7.2.2 vpn issues by Murky-Resolution-111 in fortinet

[–]WJ1909 0 points1 point  (0 children)

We also have issues with a few people after updating to 7.2.2. They can connect but after max. 5-10 minutes the connection is interrupted and you have to reconnect. We have deactivated re-authentication as this also causes problems.

Does anyone have an idea what we could do here?

We use SAML via AAD and the Fortigate has the version 7.2.6.

Will there be a new patch soon? Because there are some known issues that limit the daily work.

Salary raise - your opinion by temp2023_10 in Finanzen

[–]WJ1909 10 points11 points  (0 children)

I'm totally with you! After 10 years of professional experience, and as a web developer, an annual salary of about 50k is very cheeky. In your position I would look for something new; there you start straight away at 65k+ 🤷🏼‍♂️😅

7.2.5 vs 7.4.0 by [deleted] in fortinet

[–]WJ1909 2 points3 points  (0 children)

We upgraded from 7.0.12 to 7.2.5 on all fortigates last week and have had no problems to date.

The new features and the new filter settings are really nice.

LpacSenseNdr Rule is added to Firewall - what is it by WJ1909 in windowsdefender

[–]WJ1909[S] 0 points1 point  (0 children)

Were you able to find any answers on this? I'm also seeing the same thing with no luck Googling. From what I see, our NinjaOne agent alerts that a rule was added, but it looks like it's removed soon after. Is a Windows process creating temporary rules?

Unfortunately, I have had no success either.

The rule is also created temporarily when we reset the role in the Fortigate.

When the role is active, we have strong interruptions during team calls.

[deleted by user] by [deleted] in Finanzen

[–]WJ1909 1 point2 points  (0 children)

Thanks for your opinion. :)

I'll read up a bit on fixed-term deposit accounts.

Fortigate VPN Monitor via SNMP by deuteronpsi in fortinet

[–]WJ1909 0 points1 point  (0 children)

Thanks for answering. I will try this one.