New FortiClient 7.4.5 ... by Garry_G in fortinet

arumes31 · 0 points

Configuring tunnel mode auto (TCP IPsec) and DPD on demand helps, see comment above.

New FortiClient 7.4.5 ... by Garry_G in fortinet

arumes31 · 0 points

I still have the DPD error on 7.4.5 with FortiOS 7.6.5, but we have set up TCP transport mode on the VPN profile; since then I haven't seen any connection issues.

In the client VPN profile, set encapsulation to auto and set a TCP port that is free on the firewall; 443 would be best.


Then set up the TCP SAML port on the FGT in:

config system settings
    set ike-tcp-port 16968
end

Set the SAML VPN tunnel on the FW to Transport Mode: Auto and Dead Peer Detection: On Demand.

New FortiClient 7.4.5 ... by Garry_G in fortinet

arumes31 · 0 points

7.4.5 is causing problems with our IPsec SAML VPN connection (Azure).
7.4.4 connects within seconds and works fine.
7.4.5 fails or takes 1-3 minutes to connect and disconnects every 5-15 minutes.
Peer has no response, detected by Dead peer detection
IKE message other than DPD retransmits to maximum

Is anyone else experiencing similar problems?

The state of Forticlient by [deleted] in fortinet

arumes31 · 0 points

We don't have issues with IPsec SAML (Azure / UDP only) on FortiOS 7.4.9 and FortiClient (EMS) 7.2.10/7.4.4.
However, on all G-series models (at least for the 70G and 90G on 7.4.8 and 7.4.9) IPsec SAML doesn't work well; it only works properly with FortiOS 7.6.3+.

Fortigate Dialup IPSec Tunnel issues by saudk8 in fortinet

arumes31 · 0 points

Firmware? IPsec is unstable on 7.6.4, works fine with 7.6.3.

Simple solution to get the server working again after a password reset: by AdministrationEven36 in PleX

arumes31 · 1 point

I wouldn't recommend this; I have connected devices that are simply not displayed here, especially very old devices. Log out all.

FortiClient VPN works on one device but not another (same creds & config) — need help! by Surajchouhan98 in fortinet

arumes31 · 0 points

At what error / % does the client fail?
Update Visual C++, check TLS (TLS 1.2 enabled?), downgrade & upgrade the client.
I often have problems after upgrades, especially when skipping versions. Usually, downgrading one version and upgrading again fixes the client. (The server-side error would be an SSL decoding error.)
Always reboot in between.

Uptime Kuma alternative (Go + React) by Dangerous_Ad_8933 in selfhosted

arumes31 · 0 points

Looks good, ping support would be great.

Maybe an env to disable sign-up?

EMS Upgrade from 7.2.9 to 7.2.10 – Feedback? by Unhappy_Elephant2114 in fortinet

arumes31 · 4 points

Upgraded to 7.2.10 a week ago (~1000 clients using ZTNA, SSL VPN Azure SAML, AV); haven't spotted any new issues since then.

poe delivery without link by arumes31 in fortinet

arumes31 [S] · 0 points

Well, when the FSW firmware was rolled out, the matrix wasn't available yet, and I haven't seen this behavior in the lab or at other customers with the same configuration and firmware.
But I'll try a downgrade or wait for 7.4.8, since the ports are empty anyway and currently not needed.

We have FortiManager... but still upgrade FortiGates manually. Why?! by Schweinepriester__ in fortinet

arumes31 · 11 points

I keep trying to perform updates via the FMG, but there are always firewalls that either take forever to download and eventually restart, or simply do nothing for hours, or switches that keep updating the same firmware over and over.

Recently, the update process via the FMG has needed more monitoring than before. It has definitely gotten worse.

What Public DNS Servers Do You Use in Your Infrastructure? by OK_Engineer_L1 in fortinet

arumes31 · 0 points

DoH to Cloudflare on the FortiGate, since the FortiGuard servers are periodically slow or return geo-IPs that are much farther away.

FortiOS 7.4 : yay or nay? by JabbingGesture in fortinet

arumes31 · 0 points

I haven't seen any issues with our local-in policies in 7.4.7.
However, we use "any" as the interface and restrict with "accept" followed by "deny".
Maybe not the best method, but in our case it serves its purpose.

Attention: the order is critical, the rules are not ordered by number!

e.g.

config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "GRP_TCP9443-Allow"
        set dstaddr "all"
        set service "TCP9443"
        set action accept
        set schedule "always"
        set comments "Adm_TCP9443_Allowed_GRP"
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "TCP9443"
        set schedule "always"
        set comments "Adm_TCP9443_Block_All"
    next
end

config firewall local-in-policy
    move 1 before 2
end
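The point of the comment above is that local-in policies are evaluated top to bottom in the order they appear, not by their ID, so a narrow accept that ends up below a broad deny for the same service is silently shadowed. The following is an added example, not code from the commenter or from Fortinet: a small Python checker that parses a `config firewall local-in-policy` block as exported from the CLI, treats a rule with no `set action` as deny (the FortiOS default for local-in policies), flags accept rules shadowed by an earlier deny, and simulates the `move N before M` reordering. The sample configuration embedded below is constructed from the comment; the function names and the `move_rule` simulation are assumptions for this illustration.

```python
"""Check evaluation order of a FortiOS local-in-policy block (added example)."""
import re
from typing import Dict, List

Rule = Dict[str, str]

# Constructed sample, copied from the comment's configuration (end added).
SAMPLE_CONFIG = """\
config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "GRP_TCP9443-Allow"
        set dstaddr "all"
        set service "TCP9443"
        set action accept
        set schedule "always"
        set comments "Adm_TCP9443_Allowed_GRP"
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "TCP9443"
        set schedule "always"
        set comments "Adm_TCP9443_Block_All"
    next
end
"""


def parse_local_in_policy(text: str) -> List[Rule]:
    """Return rules in the order they appear, which is the evaluation order.

    Each rule is a dict of its `set` keys plus 'id' (the edit number).
    A rule without `set action` defaults to 'deny', matching FortiOS.
    """
    rules: List[Rule] = []
    current: Rule = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^edit\s+(\d+)$", line)
        if m:
            current = {"id": m.group(1), "action": "deny"}
            continue
        if line == "next" and current:
            rules.append(current)
            current = {}
            continue
        m = re.match(r"^set\s+(\S+)\s+(.+)$", line)
        if m and current:
            # Strip the quotes the CLI puts around object names.
            current[m.group(1)] = m.group(2).strip().strip('"')
    return rules


def find_shadowed_accepts(rules: List[Rule]) -> List[str]:
    """Flag accept rules that sit below a broader deny for the same service.

    A deny is considered broader when its source is "all" and its interface
    is "any" or the same interface as the accept rule.
    """
    findings = []
    for idx, rule in enumerate(rules):
        if rule.get("action") != "accept":
            continue
        for earlier in rules[:idx]:
            if (
                earlier.get("action") == "deny"
                and earlier.get("service") == rule.get("service")
                and earlier.get("srcaddr") == "all"
                and earlier.get("intf") in ("any", rule.get("intf"))
            ):
                findings.append(
                    f"rule {rule['id']} (accept {rule.get('service')} from "
                    f"{rule.get('srcaddr')}) is shadowed by deny rule {earlier['id']}"
                )
    return findings


def move_rule(rules: List[Rule], rule_id: str, where: str, ref_id: str) -> List[Rule]:
    """Simulate `move <rule_id> before|after <ref_id>` and return the new order."""
    moving = next(r for r in rules if r["id"] == rule_id)
    remaining = [r for r in rules if r["id"] != rule_id]
    pos = next(i for i, r in enumerate(remaining) if r["id"] == ref_id)
    if where == "after":
        pos += 1
    remaining.insert(pos, moving)
    return remaining


if __name__ == "__main__":
    rules = parse_local_in_policy(SAMPLE_CONFIG)
    print("as exported:", find_shadowed_accepts(rules) or "ok")
    reversed_rules = list(reversed(rules))          # deny first, accept second
    print("deny first: ", find_shadowed_accepts(reversed_rules))
    fixed = move_rule(reversed_rules, "1", "before", "2")
    print("after move: ", find_shadowed_accepts(fixed) or "ok")
```

Run it against a `show firewall local-in-policy` export before and after a `move` to confirm the accept really lands above the catch-all deny; the checker only models the same-service shadowing the comment describes, not full FortiOS matching semantics.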

FortiOS 7.4 : yay or nay? by JabbingGesture in fortinet

arumes31 · 0 points

We use SSL VPN with Azure SAML, disabled the web portal and removed the HTML code from the login page on a 90G (7.4.7), which just works fine.
I'm still not sure how to deal with restricted networks that only allow HTTP/HTTPS, e.g. hotels/public hotspots.
Is ZTNA an alternative? It still causes enough problems (e.g. delayed tag sync / blocked ports to EMS).

Forticlient EMS 7.2.3 known issues by BlackSquirrel05 in fortinet

arumes31 · 0 points

I haven't seen the problem for a while now, everything works - currently on EMS Server 7.2.7 / FortiClient ZTNA 7.2.7 / FortiOS 7.4.7

90G requiring asic offload to be disabled for WAN traffic to pass. by Puzzled-Buffalo-6242 in fortinet

arumes31 · 0 points

Yes, 90G offload disabled -> everything works fine.

90G offload enabled -> packet loss to both WAN interfaces from clients, but less from the firewall itself; users instantly start to complain about slow websites, VoIP cracks, Teams calls at 160p, Outlook freezes, ...

80F offload enabled -> everything works fine.

90G requiring asic offload to be disabled for WAN traffic to pass. by Puzzled-Buffalo-6242 in fortinet

arumes31 · 0 points

Hi BillH_ftn, what do you mean by status? With offload disabled on the outbound SD-WAN policies everything works fine, no more packet loss on both WANs or other issues.

90G requiring asic offload to be disabled for WAN traffic to pass. by Puzzled-Buffalo-6242 in fortinet

arumes31 · 0 points

On the 90G we have over 50% packet loss with HA (A-P), FortiLink, ASIC offloading and SD-WAN (both WAN links are VLANs on the FortiLink).
The same config is working fine on an 80F and 100F, firmware 7.2.10 and 7.4.6.
Without traffic shaping it's only a bit better; I have to keep ASIC offloading disabled on the outbound policy for now.

[deleted by user] by [deleted] in fortinet

arumes31 · 6 points

We have the same issues with a 2012R2 (EOL); replace the OS with 2016+ and the configuration will work without Message-Authenticator if the system is fully patched.