
help fortigate expert


7 replies to this topic

#1 neelk


Posted 24 April 2019 - 06:02 PM

Recently I configured a FortiGate 60E, forti v6.0.4 build 0231. As far as I know, it drops packets coming from outside to inside by default,
but it allows any desk remote from outside to inside without any port being opened.
Config below.

Edited by neelk, 25 April 2019 - 06:51 PM.


#2 n3tw0rkn3rd


Posted 24 April 2019 - 09:57 PM

It sounds strange. Was it running properly before or not at all from the beginning?

I would check what is currently under the SSL-VPN tunnel interface policy. If possible (with little or no impact to your production network), you can try to disable this policy and try again.

#3 neelk


Posted 24 April 2019 - 11:05 PM

@n3tw0rkn3rd

From the beginning. I installed it two days ago, and now I have upgraded the firmware to 5.6.6 and 5.6.8.
All config

Edited by neelk, 25 April 2019 - 06:51 PM.


#4 mlordx


Posted 25 April 2019 - 01:11 AM

Enable logging for all sessions on all the policies. Then check under logs which policy is letting it in.
You might also wanna run a debug while attempting connection from outside.

diag debug flow filter addr <source-IP>

diag debug flow trace start 100

diag debug enable


#5 n3tw0rkn3rd


Posted 26 April 2019 - 02:11 PM

@neelk, as suggested by mlordx, you can check the logs to figure out what is going on.

Another option is to contact Fortigate Support/TAC.

#6 neelk


Posted 26 April 2019 - 05:17 PM

Thank you all, really helpful.
I studied old RouteHub material and I downloaded some books, but I need to go more advanced.
If anyone has a CLI config book, I would be thankful if you shared it.
Thanks to all.

#7 dadiprasad


Posted 02 May 2019 - 04:25 AM

neelk, on 24 April 2019 - 06:02 PM, said:

Recently I configured a FortiGate 60E, forti v6.0.4 build 0231. As far as I know, it drops packets coming from outside to inside by default,
but it allows any desk remote from outside to inside without any port being opened.
Config below.

If the application is open and running on your system, there is no need for a WAN-to-LAN policy; it is stateful inspection.
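
An added example, not part of any post in this thread: it follows the advice in posts #4 and #7 by reading traffic-log lines and reporting which side initiated each session and which policy handled it. The log lines are constructed in FortiGate-style key=value form; the interface names `internal` and `wan1`, the policy IDs, and the rule that any action other than `deny` counts as allowed are assumptions of this sketch.

```python
import shlex
from collections import Counter

# Constructed sample in FortiGate-style key=value traffic-log form (not from the thread).
# Assumed names: "internal" is the LAN side, "wan1" the WAN side, policyid=0 is implicit deny.
SAMPLE_LOG = """\
date=2019-04-24 time=18:01:10 type="traffic" subtype="forward" srcip=192.168.1.20 srcintf="internal" dstip=203.0.113.50 dstport=443 dstintf="wan1" policyid=1 action="accept"
date=2019-04-24 time=18:01:15 type="traffic" subtype="forward" srcip=198.51.100.7 srcintf="wan1" dstip=192.168.1.20 dstport=3389 dstintf="internal" policyid=0 action="deny"
date=2019-04-24 time=18:02:40 type="traffic" subtype="forward" srcip=192.168.1.20 srcintf="internal" dstip=203.0.113.50 dstport=443 dstintf="wan1" policyid=1 action="accept"
"""


def parse_line(line):
    """Turn one key=value log line into a dict; shlex strips the quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def sessions_by_policy(log_text, wan_ifaces=("wan1",)):
    """Count sessions per (initiator side, policyid, action)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic":
            continue
        # The side that sent the first packet decides which policy is consulted.
        side = "from-wan" if rec.get("srcintf") in wan_ifaces else "from-lan"
        counts[(side, rec.get("policyid", "?"), rec.get("action", "?"))] += 1
    return counts


def wan_initiated_allowed(log_text, wan_ifaces=("wan1",)):
    """Policy IDs that let a WAN-initiated session through (anything not denied)."""
    return sorted({pid for (side, pid, action) in
                   sessions_by_policy(log_text, wan_ifaces)
                   if side == "from-wan" and action != "deny"})


if __name__ == "__main__":
    for key, n in sorted(sessions_by_policy(SAMPLE_LOG).items()):
        print(key, n)
    print("policies admitting WAN-initiated sessions:",
          wan_initiated_allowed(SAMPLE_LOG))
```

An empty result from `wan_initiated_allowed` alongside `from-lan` accepts means the remote session rode an outbound, LAN-initiated connection, so only the LAN-to-WAN policy was involved.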

#8 tinkie


Posted 09 July 2019 - 01:18 PM

The official materials for the 5.6 and 6.0 are available in the shares section.


neelk, on 26 April 2019 - 05:17 PM, said:

Thank you all, really helpful.
I studied old RouteHub material and I downloaded some books, but I need to go more advanced.
If anyone has a CLI config book, I would be thankful if you shared it.
Thanks to all.




