Connected monitored ports > Priority > System uptime > FortiGate serial number

Connected monitored ports > System uptime > Priority > FortiGate serial number

Connected monitored ports > Priority > HA uptime > FortiGate serial number

Connected monitored ports > HA uptime > Priority > FortiGate serial number

The intrusion prevention security profile must be enabled when using flow-based inspection mode

The option to send files to FortiSandbox for inspection is enabled

The firewall policy performs a full content inspection on the file.

Flow-based inspection is used, which resets the last packet to the user

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings

The Service DNS is required in the firewall policy

The user is using an incorrect user name

The Remote-users group is not added to the Destination

No matching user account exists for this user

On HQ-FortiGate, disable Diffie-Helman group 2

On Remote-FortiGate, set port2 as Interface.

On both FortiGate devices, set Dead Peer Detection to On Demand

On HQ-FortiGate, set IKE mode to Main (ID protection)

Pre-shared key and certificate signature as authentication methods

Extended authentication (XAuth) to request the remote peer to provide a username and password

Extended authentication (XAuth) for faster authentication because fewer packets are exchanged

No certificate is required on the remote peer when you set the certificate signature as the authentication method

Traffic matching the signature will be allowed and logged

The signature setting uses a custom rating threshold

The signature setting includes a group of other signatures

Traffic matching the signature will be silently dropped and logged