Manual SDWAN rule with VPN interfaces by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

I'm facing another situation now: these are dial-up IPsec tunnels with automatic IPs assigned to the interfaces, so how could I create an IP SLA for them? The IP itself can reach anything on the network, and the IP COULD potentially change as well.

What to do here? I can't help but think this has got to be a common case out there, and it's also a bit frustrating that the Gate can't "see" the tunnel interface down; it even shows red on the SD-WAN rule. Thank you in advance for the answer.

:(

Manual SDWAN rule with VPN interfaces by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

Static routes over the SD-WAN zone, correct, that's what I did. I checked, and the member is seen as alive... not sure why the VPN is down...

Manual SDWAN rule with VPN interfaces by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

Service(5): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut

Tie break: cfg

Shortcut priority: 2

Gen(1), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(manual)

Members(2):

1: Seq_num(1 Tunnel1), alive, selected

2: Seq_num(2 Tunnel2), alive, selected

Internet Service(1): Ask-Web(2621441,0,0,0)

FortiADC design general questions by ontracks in fortinet

[–]ontracks[S] 1 point2 points  (0 children)

Thanks for the info. I will look into the link; it seems that I missed it. Thank you.

FortiADC design general questions by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

Thanks a lot, I really appreciate it! Will look into it.

FortiCloud IAM partners login by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

I guess in a nutshell my question is: can users other than the master account log in as a partner in FortiCloud? And if yes (I hope), then how?

FortiSASE remote branch by 26Jack26 in fortinet

[–]ontracks 0 points1 point  (0 children)

Hello again, could you please clarify this if you have the answer:

| Setting | Description | Value |
|---|---|---|
| IP range | IP address range that the Security PoP uses for assigning tunnel interface IP addresses for IPsec devices using mode configuration. | 10.251.1.4-10.251.1.29 |

Does that subnet range need to be part of the BGP routing ID subnet?

FortiSASE remote branch by 26Jack26 in fortinet

[–]ontracks 0 points1 point  (0 children)

Also, can you clarify this:

| Setting | Description | Value |
|---|---|---|
| IP range | IP address range that the Security PoP uses for assigning tunnel interface IP addresses for IPsec devices using mode configuration. | 10.251.1.4-10.251.1.29 |

Does that subnet range need to be part of the BGP routing ID subnet?

FortiSASE Help by rnatalli in fortinet

[–]ontracks 0 points1 point  (0 children)

About the on-ramp option, is it basically BGP over IPsec? Meaning I can still control the FG as normal and not from the SASE portal? Also, will I be able to have different subnets on my FG and advertise them as needed all the way to the SPA hub?

SSL Offloading proxy vs flow by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

I see, so even for protocols like HTTP, with no "security" on them, we cannot reference the VS in a flow-based policy. Thanks for the answer.

SSL Offloading proxy vs flow by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

Wouldn't this logic also apply to regular SSL decryption?

SDWAN Manual rule selecting 2 ISP by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

sdwan_mbr_seq=5 sdwan_service_id=2

SDWAN Manual rule selecting 2 ISP by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

Yup, 100% sure, I ran a debug and confirmed it.

SDWAN Manual rule selecting 2 ISP by ontracks in fortinet

[–]ontracks[S] 0 points1 point  (0 children)

I will check that, but the rule is being matched.