u/26Jack26

Hello community, I found a situation that O couldn't comprehend 100%.

I have a SPA FG thats learning the FortiSASE users Subent (100.65.x.x) and my SPA FG has another iBGP peering (also a RR client) and for some reason the subnet is not advertised to that Fortigate. I had to configure a static route (100.65.x.x via IPSEC-SASE) and then one the network section, set the subnet to be advertised.

What am I missing here? Wouldn't BGP advertise this subnet in this case as both SASE POPS and my other FG are RR clients?

Hello community, I am looking into deploying templates on FMG but I have a concern.

Do templates get pushed once and thats it? or

Do they get pushed everytime I push anything from FMG?

What happens if I make a GUI change thats contrary to the template, what will take priority?

And most ciritcal concern:

For network changes that get sync from FG back to FMG, What happens if I make a routing change on a network setting locally on an FG, but that setting is managed from a Template in FMG?