We have recently seen an accumulation of problems with IPSec VPN tunnels. The problem was recognized by Swisscom and fixed with a new firmware. Further information can be found in the release notes (on this page). The firmware version from which the problem was fixed is: 9.52.12 B16++ (June 2023).
After Fortigate upgrade v6.4 > v7.0.1 (or later) the S2S-dialup VPNs did not work anymore. Tunnel negotiation is successful and phase 1 and 2 get up. Traffic from spoke is routed into the tunnel, but is seems that the traffic is not received by the hub.
In the context of SSL VPN, we sometimes receive the question, if it’s possible to assign IP-addresses using an external DHCP server. Unfortunatly this is not possible on the FortiGate. >> Possible since FOS 7.0.6 and FOS 7.2.1.
The good news first: If you’re currently using the FortiClient to establish a Dialup IPsec VPN (Aggressive, PSK based), the same configuration should also work with the native macOS client.
Spoiler Alert! – Since the release of macOS 11.0 aka Big Sur, your FortiClient VPN might not be working as expected anymore if you have already upgraded. There’s a chance you might not have noticed it, in the case that you’re using SSL VPN only in your environment. But as…
Based on two recent support cases regarding the IPsec performance between an OnPrem and Azure FortiGate, we did some testing using the latest FortiOS 6.4.1. We’ve created a basic IPsec tunnel using the wizard, deployed an Ubuntu machine at both sites and used iPerf3 to do some speed testing. The…
Mit dem Release von FortiClient 6.2 wurde der bisherige Full Featured FortiClient lizenzpflichtig und setzt einen FortiClient EMS Server voraus. Im Gegenzug hat Fortinet einen separaten VPN-only Client veröffentlicht. Fortinet beschreibt den FortiClient VPN folgendermassen: For FortiGate administrators, a free version of FortiClient VPN is available which supports basic IPsec…
Due to several known issues, we did not recommend the use of FortiOS 6.2 in productive environments for the first couple of months. As per FortiOS 6.2.5, we noticed that most of the issues have been resolved. Please have a look into our FortiOS upgrade guide for the upgrade procedure.
Ein Subnetz, zwei Standorte. Dies ist auf dem FortiGate seit Version 5.4 auch ohne NAT möglich. Zur Verwendung kommt dazu ein Protokoll, welches es ermöglicht, Layer 2 Traffic über Layer 3 Netzwerke zu senden. Dieses Protokoll heisst Virtual eXtensible Local Area Network (VXLAN) und wurde im RFC 7348 zum Standard definiert….
Sind Sie interessiert, den BOLL Blog als RSS Feed zu abonnieren?