Видео

@castle4757 a VIP should help you get into your management IP from outside your network, but your should be able to access your management interface on the same subnet. You can also add a policy to enable you do that

@techy-world3716 I have created ingress and egress rule for mgmt subnet at Gcp allowing everything. Are u saying I need to configure a vip on Fortigate to get access from management external ip?

the same command but with "disable" option

​@@jacobkuma924 Go to SSL VPN Portal and disable Split Tunneling if you want to use Full Tunnel. If you want to use Split Tunneling, ensure that you define the ERP subnet inside the routing address under the Split Tunnel options in your SSL VPN Portal

It's done but still

@@jacobkuma924 Question: Are you using full tunnel or Split Tunneling?

@@techy-world3716 full tunnel

Please make sure you have a firewall policy to route your traffic from SSLVPN to your ERP subnets

Absolutely you can you SAML SSO

@@techy-world3716 Can you make a video on how to connect IPSEC to MFA 365 (saml sso)

Great!

@@xlv600tr Tell me exactly where you need support. I can give you some pointers

@@techy-world3716 thank you so much! I made 2 VLAN on FortiGate 60F (VLAN 10 and VLAN 25) using a a Zyxel GS1900 managed switch in testing enviroment. If I configure clients with fixed IP it works, but they aren't able to get IP from DHCP server ( configured on eachFortigate vlan, 192.168.10.1/24 and 192.168.25.1/24). I don't understand if the problem is the switch that is stopping DHCP service or if there is other configuration to do on firewall.

@xlv600tr If you scroll down on your VLAN 10 and VLAN 20 interfaces there, you will see the option to enable DHCP. The DHCP can be configured on your firewall, or you can configure it on your Zyxel GS1900 switch. If DHCP is configured on your switch, you will need to enable DHCP relay under the advance option below the DHCP on the fortigate 60F firewall.

@@techy-world3716 Thank you again. In switch menu I find only if switch receive ip from dhcp or if it has to fixed (for management). On fw it is active on both VLANS

@@619Hiker You can add a new ISP to WAN 2 without losing WAN internet access. As long as the Administrative Distance on WAN 1 is not higher than WAN 2. It should continue to work

It's my pleasure

Yes it show resync

@@techy-world3716 hello sir, i have some technical questions about this ? could you able to help me ?

This error is due to a trial license you are using which only allow 4 interfaces. What you can do is to use 2 interface (1 for WAN and the other for LAN which will include VLAN sub interfaces)

This video will show you how to remove interfaces ruclips.net/video/jCJLwmfP0uM/видео.html

Watch between 2mins - 5mins of this video that shows how to create VLAN which is the sub interfaces you are trying to create

Iam unable to create sub interface in fortigate firewall, below error is coming Maximum number of entries has been reached. Object set operator error, -4 discard the setting.

@@psksuresh8800 Delete 2 of your physical interfaces. You are using a trial license. You will be allowed 4 interfaces on a trial version. So best is to delete 2 physical interfaces and use 1 for WAN and the other interfaces for your sub interfaces

Sir, how to delete interface port3

Kindly support sir,we suffer last two weeks for this issue

I recommend you watch this video ruclips.net/video/ac1L9ApwLlk/видео.html

@victorjames6242 You can balance the traffic across both link, you can select both outgoing interface as your interface preferences. The short answer is YES you can use both link simultaneously

You are absolutely correct about hotels and motels blocking port 443. I recommend people use their own personal Hotspot if possible. Public WiFi is not the best.

@@techy-world3716 I have seen here that cell hotspots also block non typical ports so 443 is also the best there

@@techy-world3716 Agree that public wifi is not best if you have using split tunnel then user can use ssl vpn and then all their traffic will be encrypted. Personal hotspot doesnt work well for sales or other guys if you are in different region due to cost.

Yes, there is no need to setup smtp server and port.

@@techy-world3716 Thanks

@@techy-world3716 But if I have my smtp server in cloud or local, how to specify?

LAN 2 network has some management features, such as HTTPS or FMG. Once any of the Administrative Access is enabled on that interface that makes it a management interface.

Please watch the Part I of this Video ruclips.net/video/aNHIQdwXbas/видео.htmlsi=0OUvlJpzNP0zxui3

Check your SPAM inbox, FortiToken can be sent into your GMAIL inbox without issue.

GNS3 is the application used to draw the topology

When NAT is enabled on a policy you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only there is no need to enabled the NAT option on the policy.

I am not too sure I fully understand your point. Here is a pointer, if the traffic is destined for the internet selecting all as the destination is best since you don't want to create different policy for traffic going to teams, zoom, Facebook, outlook etc. But if you the destination is local, then selecting a single remote network is best practices.

The answer is Yes. You can configure multiple physical and Virtual interfaces and even route between them. What you need is policy. To answer your question YES it is possible

Great suggestion!