How funny to read the website just below yours in a google search for Dencor.

Then to go to YOUR site and see there is no link at all for support.

Get a hint buddy, no one will buy your product if they cant get support from your website.

I’m an operating building engineer in a high rise hotel. One of the first things I look for on a products website is if there is a support link.

If it doesn’t exist, and I have to even email for support, I DO NOT buy from that company as it shows a complete lack of consideration for the buyer/end user.

Not to mention that if I cant get documentation for the product from the website itself, when I need this info when the company’s offices are closed (after hours), then that company is useless to me.

In that case, I will buy from someone who better supports their product.

Its the 21st century. Get with the plan or watch your company pass into oblivion.

I’m speaking as a professional, not a homeowner. That you would treat homeowners wanting info on your product with such disregard is shameful.

You are not Microsoft.

Don’t act like you are such a big company that you don’t have to care.

Maybe you really just do not care.

I’m glad I don’t work for you or your backwards thinking company.

That you do not even have an email address with your comany’s url really shows how behind you are compared to “real” businesses. (do you even know what a url is?)

Really, an aol.com email address for your professional contact info? I could never take your company seriously if you can’t even afford email using your company’s url.

So, good luck surviving in the 21st century.

And stop picking on the little guy (residential customers.)

Bullying is no longer in fashion. See what happens when you bully people. They get pissed and get guns and do horrible things.

It happening all over the country lately.

Shameful as it is. People with attitudes like yours cause those type of events.

No this isn’t any kind of threat. Just letting you know that bullies like you, when you act the way you do, affect EVERYONE in this country.

So…

Stop…

Being…

A…

Dick-head…

Somehow, I’m guessing your employees feel the same way about you.

I just cant wait for your intelligent (NOT) response.

I had set the weights but still had problems and noticed that from customer side a trace route used the route set by fortigate bgp weight but on the AWS side the other route was always used. As a test I set the foritgate to enable asymetric routing and the problems cleared.

When the fortigate bgp neighbor weights were reversed connectivity became stable.

config router bgp
config neighbor
edit [Neighbor IP for Tunnel #1]
set weight [some integer value]

But I couldn’t find any docs on what that weight value means or even if that is the appropriate value to modify.

thank you for sharing your configuration, I just spent 2 days connecting my Fortinet to my VPC and your article was very helpful.

There’s just 2 points I’d like to debate with you :

- I did not enable asymmetric routing as it is not recommanded in the documentation because “Fortinet will become a stateless firewall”. I asked help to Amazon for setting up my VPN and in the discussion, the guy told me : “We strongly recommend that you have both tunnels up as we will at times take one tunnel down for maintenance. It is only guaranteed that one of your tunnels will be up so it’s important to have this redundancy”. So in my opinion there are 2 tunnels for high-availability and not for load-balancing, I don’t think packets will go to one path and come back from another.

- in the BGP configuration you used the first Inside Virtual Private Gateway address, why ? Why not the second one ? And why not the Customer Gateway address ? I’m quite not sure about what to fill, anyway I just wanted to tell you that I put my Outside IP Addresses Customer Gateway and it is working.

Herve

Don’t quite get that tho’, because opposed to what you did here I put the 2 IPSec interfaces in 1 zone, which allows me to just create 2 firewall rules (internal -> AmazonZONE & AmazonZONE -> internal).

Was hoping the zoning of the interfaces would have made it clear they’re the same zone and thus routing, but apparently doesn’t work that way. Does ease the firewall configuration tho’ .

Would suggest these changes thus (might contain typos):

conf sys zone
edit “AmazonVPC”
set interface “amazon1″ “amazon2″
next
end

and then just make firewall rules from srcintf “AmazonVPC” to internal and vice versa. You’ll have less room for error, in the current setup one interface might allow (or disallow) traffic where the other does not (if working with more firewall rules obviously ).

Thank you very much again

Cannot get traffic through.
Strangely enough, traffic from Amazon to localnet appears in firewall reject log, although I clearly defined broad accept rules.
What could it be? Reboot required?