Category: FortiGate
-
IPS False Positives in OT Environments: Tuning FortiGate to Stop Blocking PLCs
IPS signatures designed for enterprise IT traffic will classify legitimate OT protocol behavior as attacks — tuning is not optional in manufacturing networks.
-
FortiGate Certificate Inspection for Office 365: Why Teams Breaks and How to Fix It
Microsoft Office 365 uses certificate pinning for Teams and OneDrive — deep SSL inspection will break these applications unless Microsoft IP ranges are exempted from inspection.
-
Policy-Based Routing vs Route-Based: The Mistake That Broke Our Failover
Policy-based routing overrides the routing table — a PBR rule pointing to a dead link will blackhole traffic even if a route-table failover exists.
-
FortiGate IPv6 Dual-Stack: Configuration Mistakes That Break IPv6 Connectivity
FortiGate IPv6 policies are completely separate from IPv4 policies — enabling IPv6 on an interface without matching IPv6 policies creates an unfiltered IPv6 path even when IPv4 is correctly restricted
-
FortiGate HA Failover That Wasn’t: Debugging an Active-Passive Cluster That Never Failed Over
An HA cluster that has never failed over in production is not a tested HA cluster — it is a false confidence risk.