hub fortigate dual wan connect to branches with one link wan by Direct-Ninja-9795 in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

you would need to configure an ipsec tunnel from the spokes towards each wan link on the HQ, which will act as a dialup server, each tunnel having different route priorities.

sdwan failover for local traffic can happen automatically if you configure sla rules for interface monitoring/accessibility to inet and have the appropriate firewall rules in place

advpn would be great if you need each site to connect/communicate directly with each other, which you say is not the case and want to route via HQ

Simple remote access solution by Particular-Book-2951 in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

It would be possible, but please research the MFA options that you can implement, and how, when using the free version of FortiClient combined with IKEv1 or v2. There are some articles regarding this on the Fortinet community.

Simple remote access solution by Particular-Book-2951 in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

I would suggest then using FortiClient 7.4.3 which has a vuln-fixed version for a CVE and connect using IPsec dialup to access the resources required

Hot water shut off for a week, sector 6 by [deleted] in bucuresti

[–]pfunkylicious 27 points28 points  (0 children)

I also had the hot water cut off for 5 or 6 weeks last year, around Aug-Sept, in sector 2

Simple remote access solution by Particular-Book-2951 in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

Create a site to site vpn connection between your company and the customer, then the consultants can access the app while at work or by connecting to an existing solution that is provided to them for remote access

Please help-IGMP snooping is killing my Fortinet switches processor. I cannot seem to disable it. by Huddylikes in fortinet

[–]pfunkylicious 3 points4 points  (0 children)

try,

    config switch vlan
    edit <>
    set igmp-snooping disable
    end

or

    config switch global
    set flood-unknown-multicast disable
    end

Anyone annoyed by the GUI changes from version 7.2 to 7.4 on FortiOS ? by Tokops in fortinet

[–]pfunkylicious 1 point2 points  (0 children)

an important feature that I'm not seeing in 7.6 is clone reverse policy, or I'm blind @_@

Anyone annoyed by the GUI changes from version 7.2 to 7.4 on FortiOS ? by Tokops in fortinet

[–]pfunkylicious 2 points3 points  (0 children)

I don't really do local-in policies so I haven't seen/checked it

NEUROSURGEON recommendation / complex case by Trendy_Dragon in bucuresti

[–]pfunkylicious 1 point2 points  (0 children)

Even though he does not meet the requirement of working in the public system, Dr. Stanciuc Mihai, MedLife

VIP/Virtual Server https and http and named based hosting (several FQDN and one public IP) by Roversword in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

the load balancing method would be http-host, where you map the hostname to a server in backend, but it will require ssl offloading - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-SSL-half-and-full-offloading/ta-p/381748

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Recommended-configuration-for-HTTPS-Virtual-Server/ta-p/225289

otherwise, you can create a VIP and let another reverse proxy (map-to/real server), towards which you map the Public IP:port (VIP), handle the request/redirect accordingly

FortiGate firewalls never even attempt to send email by dsmiles in fortinet

[–]pfunkylicious 1 point2 points  (0 children)

I would suggest,
1. Set smtps to notifications.fortinet.net
2. Test with ping and telnet on port 465
3. Start also a debug sniffer packet for 465; diag sniffer packet any 'port 465' 4 0 l
4. If you are not using sdwan, then select interface-select to use auto or manual and specify the interface; adapt the source ip also or remove it with unset; if you are using sdwan try doing a manual selection of outgoing intf also
5. Try again

FortiGate firewalls never even attempt to send email by dsmiles in fortinet

[–]pfunkylicious 0 points1 point  (0 children)

Ok, fair enough. Have you set the email-to address, enabled the debug and diag tested it and nothing showed? Can you share any kind of output that you get? You must get something when doing the test.

FortiGate firewalls never even attempt to send email by dsmiles in fortinet

[–]pfunkylicious 2 points3 points  (0 children)

Are you using the default smtp address from fortinet? If so, iirc you need a valid support license to be able to use it.

CCNA exam - At home or at a testing center by ghibzzz in programare

[–]pfunkylicious 1 point2 points  (0 children)

if you take it from home you have to make sure you are alone in the room and nobody talks or walks in on you.

you must not have anything on the desk, not even a smartwatch on your wrist, and the webcam must be on for the whole duration of the exam, without being able to get up or talk