Comments
-
ah ok thanks!
-
I did remove Wg sw from mgmt server and did a reboot and then installed it again but same issue remains.
-
I know PPTP is unsecure.. but this is a customer we connect to and they insist on using PPTP for some reason...
-
Ah thanks! I will try that. /Martin
-
Now I removed (in setup/logging) "send log mess. to fb internal storage" (added it yesterday for test) and connected to fw from another mgmt station (FSM) and logs showed up! And it seems to be working from my normal workstation as well, at least for now.. let's see how it goes.
-
Hi, I have a similar problem: M500 12.7.2 - newly re-installed to factory defaults and then started to build new config including adding a third party certificate (wildcard). Yesterday it worked fine for a while but now this morning no logs show. Now I removed the third party cert for "Proxy" as I don't use it and use it…
-
Thanks. I figured it out, I just added "Pattern match" "*/wp-jzxo/wpp" with action "deny"
-
OK, have some issue finding an upload site, there is improvement for this forum to be able to add images ;-). Anyway: I have solved it by editing the HTTPS-rule, and then SNAT: I ticked "Set source IP: 192.168.116.xx"
-
Thanks, I will try it
-
Have you rekeyed the tunnel on M370? rekey/rebooted the fortinet fw?
-
Did you check traffic logs on both devices? Are they on same Fireware version?
-
Hi, Is 192.168.10.200 pingable from the local network? Why setup static routes manually? No need they will be automatically created when setting up a BOVPN tunnel.
-
ok. so same way like the first network is setup (branch office tunnel/addresses)?
-
Thanks, I fully understand your point... I will have another thought about it.
-
Understood. We have it open for our lazy users only and it's not possible to logon using http/80 as you will be redirected to https/443 login page
-
for redirection to https (443)
-
ok thanks, so I guess it is somehow "safe" and I also have IPS enabled
-
Thanks.. but will that cause security issues as we open port 80 towards mailserver from internet? Just for a short while that is as it will be redirected to https..
-
ah thanks. It's ok now. I forgot that I came from another network into the trusted network of fw, only external was allowed to 443/SSLVPN...
-
Hi all, Problem solved; I created a new PFX with private keys and imported it to a Windows server (enabled export of priv. keys) and then I simply exported it to a new PFX. Then I was able to import it to my XTM25-W. Thanks for pointing me to a solution! /Martin
-
Hi, I will look into the url Bruce. No we generated the CSR from Linux (OpenSSL) and we use the wild card cert on several servers, the cert in fb is for SSLVPN/authentication. I will try to export the PFX from a Windows server Gregg. /Martin
-
I did see this in the log while trying to import the pfx file: 2019-11-21 16:42:24 certd import cert pkicli error -982 Debug
-
thanks!
-
No link monitor enabled, not sure where I do that. I have only one external DNS server and two internal DNS servers specified.
-
Try using UDP port instead of TCP, using for ex. UDP 1194 can speed up things a bit.
-
Thanks, I will try that. /Martin
-
Thanks a lot! Solved.
-
Thanks, that was it!
-
I also tried to open the config file offline and remove the rule, then I got this message: "Policy: Any From Firebox cannot be deleted because it is either a predefined, DVCP-created, template-created, or Dimension managed VPN policy" :neutral:
-
I tried to do it in CLI: WG(config/policy)#no rule "Any From Firebox" Error: "You cannot modify this default object." But no luck :-(