I have a 100D running 5.4.8 with an HTTPS type virtual server VIP, and
https://www.ssllabs.com/ssltest/analyze.html is marking the site in
question as vulnerable to ROBOT (Return of Bleichenbacher's Oracle
Threat) attack. The VIP settings are current...
I'm trying to consolidate several WAN links on a 100D running 5.4.5 into
a WAN LLB link, and there is a problem: we're using SSL VPN full tunnel
mode (not split tunnel) and there does not appear to be a way to create
an ssl.root -> virtual-wan-link p...
According to hardware acceleration handbook, traffic that goes over
inter-VDOM links can be offloaded to network processors via a special
kind of VDOM link. I have a Fortigate 200B (includes NP2) in one
location, and a Fortigate 200D (includes NP4lit...
Major bug in glibc affecting DNS lookups, potential remote code
execution - https://access.redhat.com/security/cve/cve-2015-7547 Is
FortiOS vulnerable, and if yes, what versions?
I' m trying to deploy an HA pair of FortiGate-VM appliances under
Hyper-V. Standalone they work fine, but as soon as I change HA mode to
a-p or a-a, they lose network connectivity on everything except the
cluster management port(s), and the cluster n...
The firewall always has a configuration, even if it's the default one,
and this configuration gets converted during upgrades. The conversion
scripts that run as part of a software upgrade are built and tested only
for a limited number of versions, he...
Exactly, and you can still use SSL VPN with WAN LLB - you can select the
individual WAN interfaces in SSL VPN settings as available for incoming
connections, and you can create ssl.root -> whatever interface policies
just fine, so split tunnel mode w...
I opened a ticket with support and they told me as much. I suppose I'll
have to use zones when I need full tunnel VPN, same way I did before
they added WAN LLB in 5.2.
