Tag: FortiOS
-

Policy-Based Routing vs Route-Based: The Mistake That Broke Our Failover
Policy-based routing is consulted before the routing table: a PBR rule whose output interface is still up but whose upstream has died keeps blackholing traffic even after the routing table has failed over to the healthy link.
-

FortiGate Certificate Inspection for LDAP/Active Directory: Why Secure LDAP Breaks
FortiGate LDAPS authentication to Active Directory fails when the domain controller's certificate is issued by an internal or self-signed CA that has not been imported into the FortiGate CA store and referenced from the LDAP server object; users simply cannot log in, and the cause only shows up in the CLI authserver test.
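The configuration the teaser describes, as an added example (not the linked post's own config): a FortiOS `config user ldap` object with LDAPS, the imported issuing CA pinned via `ca-cert`, and the CLI check that surfaces the TLS failure. The server name, IP, DN, bind account, password and the CA certificate name `CA_Cert_1` are assumptions; `CA_Cert_1` is the name FortiOS assigns to the first imported CA and will differ if others already exist.

```text
# Added example, not from the original post. Names, addresses and credentials are assumed.
# Prerequisite: import the DC's issuing CA (root or intermediate) under
# System > Certificates > CA Certificates. Without it the TLS handshake to port 636
# fails and every bind is rejected.
config user ldap
    edit "AD-DC01"
        set server "10.0.0.10"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,ou=Service Accounts,dc=corp,dc=example,dc=com"
        set password "svc-account-password"
        set secure ldaps
        set port 636
        set ca-cert "CA_Cert_1"
        set server-identity-check enable
    next
end

# Verify from the CLI instead of waiting for a failed user login.
# A certificate/CA mismatch is reported here; a working setup returns the user's groups.
diagnose test authserver ldap AD-DC01 jdoe 'TestPassw0rd!'
```

`server-identity-check` additionally requires the DC certificate's subject or SAN to match the value given in `set server`, so point the object at the DC's FQDN rather than its IP if the certificate carries only a DNS name.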
-

FortiGate IPv6 Dual-Stack: Configuration Mistakes That Break IPv6 Connectivity
FortiGate matches IPv6 traffic only against IPv6 policies, never against the IPv4 rule base. Enabling IPv6 on an interface therefore puts that traffic under whatever IPv6 policies exist, not under the IPv4 restrictions that were carefully built, so a dual-stack rollout needs an IPv6 rule base that mirrors the IPv4 one.
-

FortiGate HA Failover That Wasn’t: Debugging an Active-Passive Cluster That Never Failed Over
An HA cluster that has never failed over in production is not a tested HA cluster — it is a false confidence risk.
-

FortiGate Firmware Upgrade: What Nobody Tells You About the Upgrade Path
Skipping the intermediate releases in Fortinet's published upgrade path can silently corrupt the configuration during conversion: the unit boots, but parts of the config are dropped or reinterpreted and behaviour becomes undefined.
-

Why Our FortiGate SSL VPN Kept Dropping After 4 Hours — And the Fix
The default SSL VPN idle timeout (`idle-timeout` under `config vpn ssl settings`) is 300 seconds; most engineers never check it until users start complaining.
-

FortiGate BGP Route Redistribution Gone Wrong: How We Leaked Internal Routes to the Internet
Redistributing connected routes into BGP without a route-map filter advertises every directly connected subnet on the FortiGate to the peer, including management and internal networks.
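The unfiltered redistribution next to the corrected form, as an added example (not the linked post's configuration): a prefix-list naming the only connected subnet that should be advertised, a route-map that matches it, and the `redistribute "connected"` block referencing that route-map. The prefix 203.0.113.0/24, the AS number and the object names are assumptions.

```text
# Added example, not from the original post. Prefix, AS number and object names are assumed.

# WEAK: every connected subnet (management, transit, internal) is injected into BGP.
config router bgp
    set as 65010
    config redistribute "connected"
        set status enable
    end
end

# CORRECTED: allow-list the public-facing prefix, then hang the route-map on the
# redistribution. A FortiOS route-map ends in an implicit deny, so anything not
# matched by the prefix-list is silently dropped from redistribution.
config router prefix-list
    edit "PL-BGP-CONNECTED-OK"
        config rule
            edit 1
                set prefix 203.0.113.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
end
config router route-map
    edit "RM-CONNECTED-TO-BGP"
        config rule
            edit 1
                set match-ip-address "PL-BGP-CONNECTED-OK"
            next
        end
    next
end
config router bgp
    set as 65010
    config redistribute "connected"
        set status enable
        set route-map "RM-CONNECTED-TO-BGP"
    end
end

# Confirm what is actually being sent to the neighbour before and after the change
# (replace the address with the peer's IP):
get router info bgp neighbors 198.51.100.1 advertised-routes
```

The `advertised-routes` check is the one to run first: it shows the FortiGate's view of what the peer has been told, which is the leak the post describes, independent of whatever the upstream provider filters.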
-

FortiGate Policy Optimization: A Complete Guide for Network Engineers
The definitive FortiGate policy optimization reference: hit-count analysis, shadow rule detection, naming conventions, VDOM best practices, and automation, everything a network engineer needs to maintain a clean, efficient rule base.

