u/DarkAlman

Disabling Fortilink on a specific VLAN/Interface

Found a few other posts on this, but they were for obsolete firmware versions.

Trying to connect 2 distinct sites together using a Point-to-Point wireless device.

There's a Gate and Fortiswitches + APs on both sides, totally independent of each other.

The PtP is plugged into LAN ports on Fortiswitches on both sides, and is just a regular VLAN trunk. So it effectively just acts as a long (but wireless) ethernet cable.

However when we bring the PtP up the Gate discovers the Fortiswitches on the other side (and vice versa) and tries to register them. The interface also switches to 'Fortilink' mode and loses all the VLANs we configured.

Is there a quick way to disable Fortilink discovery on a physical interface? Or on that entire VLAN?

We have a dedicated Management network and Fortilink network, there's no need to register Fortilink devices on our LAN for example.

u/DarkAlman — 1 day ago

Turning a Fortigate into a dedicated AP controller

Will be replacing our Firewall soon with a different brand but hit a snag, we also have FortiAPs and have to keep the Fortigate as a wifi controller for the foreseeable future.

The APs are on the standard LAN network (not a Fortilink) and get DHCP addresses

If I change the LAN IP of the Gate, will the APs phone home and find the Gate OK? Or will I have to reconfigure them?

u/DarkAlman — 2 days ago

Setting up a net new IPSEC VPN instance and we need to perform user based access control.

Restricting what users can access what services based on group membership. Restricting access by destination IP + ACL is fine for what we are looking to accomplish.

We are running IPSEC VPN with SAML auth with Okta

Wondering what our options are to implement something like this?

u/DarkAlman — 7 days ago

Trying to get SAML authentication (office 365) to work on SSL VPN.

Managed to work through various bugs to the point where it successfully takes the username + password + MFA pin, but then the connection just dies with no error.

Logs in the client show it's a permissions error, but can't figure out what's causing it?

05/04/2026 3:52:25 PM Info NELogin Connect is clicked, start connect with connection XXXXXX

05/04/2026 3:52:25 PM Info NELogin Switch to authenticating status

05/04/2026 3:52:47 PM Error NELogin switch to error status,eror:User login denied - User has no privileges for login from that location

EDIT: The Azure AD log shows a successful login for the test user against the Enterprise app, but the log in NetExtender shows above.

u/DarkAlman — 9 days ago

Setting up a new NSV instance, trying to apply a geo-ip rule for the SSL VPN.

Normally on an NSA I'd go WAN > WAN and edit the default SSL VPN policy and apply a Geo filter but it's different on the NSV.

I created a similar policy on the NSV WAN > WAN with X1 IP as the destination for the SSL VPN port.

The rule is getting hits, and I can get to the landing page.

But I set a group with the allowed countries, but it isn't filtering. We are using a VPN to connect from foreign countries and it's not blocking them.

https://imgur.com/rK0meOa

u/DarkAlman — 12 days ago