Search Results
362 total results found
VPN Debug
(2018-08-02) Problem Site to site VPN not coming up. Solution it depends what you would like to troubleshoot. If you like to troubleshoot the Phase1/2 of a VPN your command is the way to go which means: diag debug reset diag debug disable diag debug applicatio...
Wifi 802.1x with LDAP Groups
(2019-04-10) Problem Wifi WPA/WPA2 access tests that depend on a LDAP (Active Directory) user group fail. Solution You can't use a LDAP group for Wifi authentication because of the way that the user credentials are encoded before being passed through -- for so...
LDAP lookup account considerations
(2022-02-08) Problem What do we have to do to permit the LDAP lookup account to be able to change passwords on the AD server? Solution that feature has two prerequisites: works with Microsoft AD server ONLY ! so second statement page 720 (as mentioned, I h...
CLI Restore Configuration
(2020-09-14) CLI Restore Configuration > execute restore config tftp <filename> <ip> > execute restore config ftp <filename> <ip> <username> <password>
Displaying Logs From Console
(2021-07-20) Problem Display logs from a console session. Solution Select log source: # execute log filter device Optional: select log category: # execute log filter category Display: # execute log display Some examples from the source: # execute log filter...
iPerf3 on Fortigates
(2021-06-16) Limited iPerf3 on Fortigates # diag traffictest client-intf port1 <----- Define FortiGate port. # diag traffictest server-intf port1 <----- Define FortiGate port. # diag traffictest port 5209 <----- Define iPerf3 port ...
IPSA self test failed, disable IPSA!
(2022-01-17) Problem IPSA self test failed, disable IPSA! Solution FW # conf ips global FW (global) # set cp-accel-mode none FW (global) # end Discussion Hardware Acceleration for flow-based security profiles (NTurbo and IPSA) Some FortiGate models support a...
List Connected Users
(2021-10-07) Problem Who's logged in from where? Solution # di firewall auth list
Read-Only Admin Profile
(2022-02-15) Problem I want a (or a bunch of) read-only admin(s) with global scope. Solution # config global # config system accprofile edit "admin_readonly" set admingrp read set authgrp read set endpoint-control-grp read s...
SD-WAN Diagnostics
(2022-06-17) Problem SD-WAN no workie. Solution You can probably figure out information from some or all of these: # diag sys virtual-wan-link member # diag firewall proute list # diag sys virtual-wan-link health-check # diag sys virtual-wan-link service # dia...
VPN Tunnel Interface Address
(2020-01-11) Problem If you try to put an IP address on a VPN tunnel interface, the minimum netmask you can apply to that interface is /27. Solution hashtag-shruggie Commentary That's a lot of IP addresses to waste on a point-to-point link, especially one wher...
FortiClient Error Codes
(2020-03-24) Problem What does this error code that FortiClient SSLVPN is giving me mean? Solution If FortiClient fails at the following stages, the likely cause is as follows: 10% – Local Network/PC issue 40% – Application or the Fortigate causing the error, occa...
Device-Local Certificate Expired
(2024-02-08) Problem The local, internally generated certificate that the Fortigate presents for various things has expired. Solution # execute vpn certificate local generate default-ssl-key-certs Are you sure to re-generate the default RSA, DSA, ECDSA and Ed...
Device Table Size Maximum
(2023-02-21) How many can I define? On the device in question: fgt300d-a # print tablesize system.vdom: 0 0 10 system.datasource: 0 0 0 system.accprofile: 0 0 18 system.npu:port-cpu-map: 0 256 512 system.np6: 0 256 512 [...] Output isn't greppable, unfortuna...
CLI Policy Lookup
(2024-02-06) Problem CLI way to duplicate the "policy lookup" tool Solution diagnose firewall iprope lookup <src ip> <src port> <dst ip> <dst port> <protocol> <Incoming_interface> eg: # di fire iprope lookup 10.291.12.21 999 10.150.32.144 1433 tcp port1 (Sou...
Link Monitor
(2023-11-15) Example Link Monitor Configuration config system link-monitor edit "VLAN601" set srcintf "VLAN601" set server "172.26.2.49" set gateway-ip 172.26.2.49 set source-ip 172.26.2.50 set interval 1000 set failtime 15 set recoverytime 15 next end Example...
Dovecot: Internal Login Failure
Problem # telnet localhost 110 Trying 127.0.0.1… Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. +OK dovecot ready. user $USERNAME +OK pass $PASSWORD +BYE internal login failure. error report written to server log. Solution In /etc/d...
End Of Life Repository Access
(7 August 2012) Problem Running a yum operation on CentOS 4, I get the error: not using ftp, http[s], or file for repos, skipping - 4 is not a valid release or hasnt been released yet Solution CentOS 4 is now EOL and has to be retrieved from the vault: Open ...
I2O RAID Controller
Problem You have some variety of the Adaptec 2010s RAID SCSI controller installed. Solution CentOS 4.7 (and earlier 4.x) includes a driver for it, but the autodetection routines don’t work. You have to do this at the install CD boot prompt: Boot: linux text nop...
NFS Support
Installing ntfs support for CentOS RedHat and CentOS do not include ntfs, possibly for legal reasons. Update (thank you Dr Tru Huynh): A RPMforge-friendly method detailed here; this is probably safer in the long term as it means it is more likely that you'll g...