Logging VPN events
Logging VPN events You can configure the FortiGate unit to log VPN events. For IPsec VPNs, Phase 1 and Phase 2 authentication and encryption events are logged. For information about how to interpret...
View ArticleVPN troubleshooting tips
VPN troubleshooting tips More in-depth VPN troubleshooting can be found in the Troubleshooting guide. Attempting hardware offloading beyond SHA1 If you are trying to off-load VPN processing to a...
View ArticleChapter 15 – IPv6
Chapter 15 – IPv6 The origins of Internet Protocol Version 6 (IPv6) date back to December 1998 with the publication of RFC 2460, which describes IPv6 as the successor to IPv4, the standard...
View ArticleIPv6 Features
IPv6 Features In order to configure IPv6 features using the web-based manager, IPv6 must be enabled using Feature Select. Go to System > Config > Features, enable IPv6, and click Apply. The...
View ArticleIPv6 Network Address Translation
IPv6 Network Address Translation NAT66, NAT64, and DNS64 are now supported for IPv6. These options provide IPv6 NAT and DNS capabilities withIPv6-IPv4 tunnelling or dual stack configurations. The...
View ArticleNAT66
NAT66 NAT66 is used for translating an IPv6 source or destination address to a different IPv6 source or destination address. NAT66 is not as common or as important as IPv4 NAT, as many IPv6 addresses...
View ArticleNAT64 and NAT66 session failover
NAT64 and NAT66 session failover The FortiGate Clustering Protocol (FGCP) supports IPv6, NAT64, and NAT66 session failover. If session pickup is enabled, these sessions are synchronized between cluster...
View ArticleICMPv6
ICMPv6 Internet Control Message Protocol version 6 (ICMPv6) is the new implementation of the Internet Control Message Protocol (ICMP) that is part of Internet Protocol version 6 (IPv6). The ICMPv6...
View ArticleIPv6 in dynamic routing
IPv6 in dynamic routing Unless otherwise stated, routing protocols apply to IPv4 addressing. This is the standard address format used. However, IPv6 is becoming more popular and new versions of the...
View ArticleNew Fortinet FortiGate IPv6 MIB fields
New Fortinet FortiGate IPv6 MIB fields The following IPv6 MIB fields have been added to the Fortinet FortiGate MIB. These MIB entries can be used to display IPv6 session and policy statistics. IPv6...
View ArticleIPv6 Configuration
IPv6 Configuration This section contains configuration information for IPv6 on FortiOS. Attempts are made to include scenarios in each section to better assist with the configuration and to orient the...
View ArticleChapter 16 – Optimal Path Processing – Life of a Packet
Chapter 16 – Optimal Path Processing – Life of a Packet Life of a Packet This FortiOS Handbook chapter contains the following sections: Optimal Path Processing introduces the concept of Optimal...
View ArticleHigh-level list of processes that affect packets
High–level list of processes that affect packets In general packets passing through a FortiGate unit can be affected by the following processes. This is a complete high-level list of all of the...
View ArticleClik here to view.
Packet flow ingress and egress: FortiGates without network processor offloading
Packet flow ingress and egress: FortiGates without network processor offloading This section describes the steps a packet goes through as it enters, passes through and exits from a FortiGate unit. This...
View ArticleUTM/NGFW
UTM/NGFW If the policy matching the packet includes security profiles, then the packet is subject to Unified Threat Management (UTM)/Next Generation Firewall (NGFW) processing. UTM/NGFW processing...
View ArticleClik here to view.
How to see errors and discards on FortiGate interfaces
Question: How do I go about seeing interface statistics such as discards, errors etc? I get this question a lot and figured I would make a post about it to help the masses. There is a simple way to do...
View ArticleClik here to view.
Packet flow: FortiGates with NP6 processors first packet of a new session
Packet flow: FortiGates with NP6 processors first packet of a new session On a FortiGate with NP6 processors the first packet in a new session is handled the same way as on a FortiGate with no NP6...
View ArticleClik here to view.
Packet flow: FortiGates with NP6 processors – packets in an offloaded session
Packet flow: FortiGates with NP6 processors – packets in an offloaded session The first packet of a session determines if the session can be offloaded. As long as there is no proxy-based UTM/NGFW, if...
View ArticleFortiOS 5.4.2 Release Notes
Introduction This document provides the following information for FortiOS 5.4.2 build 1100: Special Notices Upgrade Information Product Integration and Support Resolved Issues Known Issues Limitations...
View ArticleChange of FortiGuard Filtering Port to mitigate Internet link flaps
I have a friend that has some FortiGates at his business. I have been helping him troubleshoot some random WAN1 port flapping issues. Well, after doing some research and looking through the...
View Article