1) 1G SFP in 10G port on Fortigate 3700D to build Port-channel with Cisco N5K. It must use 1000Auto on Fortigate side, otherwise port-channel won't come up.
2) Trust subnet configured under admin account will impact data port Ping traffic as well (not only the admin login traffic). It will block Ping on the data port as well, even Ping is allowed, as long as the subnets are not in the Trust subnets range, ping will be dropped.
No comments:
Post a Comment