Questions tagged [fortigate]

Firewall appliance made by Fortinet; includes CAPWAP wireless controller and FortiOS software

The FortiGate is a rack-mount next-generation firewall appliance with built-in managed switch ports and a wireless CAPWAP controller for FortiAP access points. The manufacturer is Fortinet and the device software is FortiOS.

More information about Fortinet is available on Wikipedia, and specifics about the FortiGate product are on the official Fortinet site.

106 questions
9 votes, 4 answers

What caused a huge amount of network traffic via SSH?

I have a virtual server running Ubuntu 18.04 from a well-known hosting company. This morning our Fortigate Firewall logs show that my Win10 computer transferred 3.5TB to and 6.5TB from my virtual server over 13 hours (over last night) via SSH.…
CodePoint
7 votes, 1 answer

Best Practice: notify email sender that their reverse lookup is broken

This probably should be a wiki, not entirely sure. Before I begin, the external server that performs scanning is a custom amavis/postfix/fortigate pipeline; it is suggested that any changes work within that environment. I have enabled reverse…
Avery Payne
5 votes, 7 answers

Fortigate VPN client "Unable to logon to the server. Your username or password may not be properly configured for this connection. (-12)"

We're running a Fortigate 100D, and having some trouble with the SSL VPN via FortiClient. I installed FortiClient on an external Windows 7 PC a few days back and the SSL VPN connected and worked. I uninstalled it from that PC and installed it on a…
jeremy
4 votes, 3 answers

Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan

Here's the setup: I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem connecting to this VPN. I have been tasked with…
user2892724
4 votes, 1 answer

VPN ERROR 500 STATE_MAIN_I1, unable to start phase2

I'm trying to set up a site-to-site VPN to a Fortigate 60C from a CentOS 7 with Openswan; the error I get every time is the following: 000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 8s; nodpd; idle; import:admin…
4 votes, 0 answers

VLAN ID over DHCP for Management Interface of Fortinet FortiAP

When configuring the FortiAP device it's desirable to configure the VLAN ID for the tagged management network. According to the manual it's possible to do so by "telnetting" to the FortiAP device and setting the variable AP_MGMT_VLAN_ID by…
Vinícius Ferrão
4 votes, 1 answer

Fortigate VPN Routing issue

I have a 200B Fortigate unit with 2 internet WAN connections. I also have a remote site which I'm connected to via IPSEC VPN through WAN1. This site has only one GW IP address. I'd also like to set up a VPN on top of WAN2 with that specific site as it's…
JustAGuy
4 votes, 3 answers

FortiGate IPsec VPN: Configuring Multiple Phase 2 Connections (Multiple Subnets)

I am trying to make an IPsec connection to a FortiGate router using OpenSwan. The FortiGate sits on two distinct subnets and I need to access both of them. In the FortiGate I have defined one Phase 1 connection and one Phase 2 connection. This…
FixMaker
3 votes, 0 answers

Set outgoing interface on Fortigate explicit proxy

I am testing the explicit proxy on a Fortigate 200D, firmware 5.4. WAN1 and WAN2 are both members of the WAN load balancer interface. I need to set the proxy to use WAN1 but it is defaulting to WAN2. I've tried adjusting the explicit proxy rules…
Tim Brigham
3 votes, 1 answer

Can I have an alert when an IPSEC is down in Fortigate 80C?

We have a Fortigate 80C and 60D with an IPSEC VPN. Is there a way to use the log (or other tool) to send an email alert when the tunnel is down? I couldn't see anything on the Log & Report tab.
Saariko
3 votes, 2 answers

MikroTik IPsec client Fortigate 'Received ESP packet with unknown SPI.'

We have a client with 6 sites using IPsec. Every now and again, possibly once a week, sometimes once a month, data just stops flowing from the remote Fortigate VPN server to the local MikroTik IPsec VPN client. In order to demonstrate the symptoms…
3 votes, 2 answers

Suddenly cannot reach (ping) remote server on a remote site

We have 2 sites linked together with a VPN tunnel (Fortigate 60C devices). On each site I have an ESXi server with a couple of VMs. Normally, everything works fine. Site 1 (S1) subnet is 192.168.254.0/24, with Machine A1, A2 on ESXi1. Site 2 (S2)…
sbrisson
2 votes, 1 answer

Is it possible to have name-resolution from Fortigate and local DNS server?

Can you advise on moving to a hybrid DNS? Currently, all our LAN machines receive their IP address from our Fortigate 60D (each machine is either allocated an IP address from the Fortigate DHCP, or has a static IP address set in the Fortigate). Our…
boardrider
2 votes, 3 answers

Remotely connect to device with ip from different subnet

I have to figure out some way to remotely connect to D-LINK switch currently working on default address 10.90.90.90 (service guys have replaced broken one, but they have forgotten to do initial config). The problem is it's connected directly to lan…
mi_k
2 votes, 1 answer

Fortigate IPSEC VPN Issue

Have a challenging question here. We have a Fortigate 620B which we're trying to use to route some traffic over a VPN tunnel to a customer. We want the traffic to go out of our interface with one of our public IPs (we have it set to NAT the address…
natediggs