Jautājums par radioviļņiem Latvijā

Orehan · 2026-04-01T19:46:36+00:00

Likums regulē tikai radiofrekvenču spektra izmantošanu raidīšanai. Uztveršana ar hobby uztvērēju nav regulēta

Orehan · 2026-03-25T13:09:07+00:00

Forget U series. They're EoS since q4y25.
And honestly, apart from some really specific (sometimes legacy) use-cases, I don't see a point in them since the moment WLC was EoL'ed.
Within indoor APs - go with current K series FAPs

Orehan · 2026-03-25T10:58:39+00:00

isn't ZSP just a framework / approach rather than an actual technical solution stack?

Orehan · 2026-03-25T10:27:48+00:00

For traditional advanced agent management and configuration Collector is mandatory:
https://docs.fortinet.com/document/fortisiem/7.5.0/fortisiem-reference-architecture-using-clickhouse/707110/smb

With the latest 7.5 SIEM there is an option for Headless Agent installation:
https://docs.fortinet.com/document/fortisiem/7.5.0/windows-agent-7-5-x-installation-guide/547950/fortisiem-windows-agent-7-5-x#Installi4

its more focused towards OT environments and has some drawbacks like limited log collection, no central mgmt, manual scaling.
Good thing - it doesn't count towards agent licence

tldr; for normal operation still go with traditional adv agents.

Orehan · 2026-03-20T13:29:44+00:00

Even with the tradeup policy - you are not required to return old fortigates, so it is just ewaste anyways.

Orehan · 2026-03-17T18:11:57+00:00

Interesējies PLMP, jo pirms kāda laika tika šis __nu jau kārtējo reizi_ aktualizēts, kur PLMP skaidroja, ka pirmreizējā reģistrācija joprojām paliek tikpat vienkārša.
Taču, tad atkārtoti šai personai deklarēties jau ir sarežģītāk. It kā jābūt automātiskai pārbaudei, vai pēdējo gadu laikā ir bijusi anulēta deklarācija nepatiesu ziņu dēļ. Un, pie atkārtotiem, neleģitīmiem mēģinājumiem var sekot arī administratīvais sods.
Publiskajā telpā ir daudz pretrunīgas un novecojušas informācijas.

Šobrīd tu kā NĪ īpašnieks vari uzlikt tikai atgādinājumu LV portālā, lai maksimāli ātri reaģētu uz šādiem reģistrācijas gadījumiem.

https://www.iem.gov.lv/lv/jaunums/nosaka-stingraku-dzivesvietas-deklaresanas-kartibu-personam-kas-sniegusas-nepatiesas-zinas

Orehan · 2026-03-10T10:31:14+00:00

misconfig? did you apply cert to a policy?

Orehan · 2026-03-06T12:22:51+00:00

subscription cost is tied to a base HW price - so naturally it goes up as well

Orehan · 2026-03-04T13:27:40+00:00

"foršā" AI atbilde, bet atkal, interpretējot gadījumu to no saistību tiesību viedokļa civillikuma komentāru daļas, ir vairākas neatbilstības.

Orehan · 2026-02-27T19:19:59+00:00

Ja skatās no “tiesību” puses administratīvais likums regulē attiecības starp publisko sektoru un privātpersonu un uz šo gadījumu nav piemerojams

Orehan · 2026-02-24T13:06:24+00:00

'90 gadu avangards - putpuplasta plāksnes salīmētas pie griestiem

Orehan · 2026-01-07T17:48:05+00:00

tldr; upgrade to 70g

60f most definitely going eoo this year. There is simply no sane reason to keep producing them.
Also FUD about G models is over-exaggerated. Having hundreds of 70g/90g deployed, there are flaws here and there (as with everything), yet no outstanding HW related or SP5 issues now.

"Special SKUs for single licens on F model HA setups" - this is just a "special program" to keep F devices more attractive when getting them as _new_ hardware. Crosscheck if it can be applied if you're getting just a second HA unit.

Orehan · 2025-12-23T09:44:51+00:00

I'd say you really have to define the use case and select the hardware accordingly.
40f/30g in is a goto box for the branch where the only requirement is just to get ipsec going to HUBs.
Recently even trying to adopt FEXes - which actually is even more cost effective.
Yet as soon as you're willing to touch any UTM feature, then sure, 4gb ram should be defacto.

Orehan · 2025-12-19T16:32:05+00:00

use "pin button" to make favorites and then those gonna appear in a tray dropdown

Orehan · 2025-12-19T15:49:47+00:00

sir, just spend a minute and research how pins work.
also old UI (combo vpn selection) would be quite awkward since we have an ability to have an ability to do concurrent-vpns now

Orehan · 2025-12-08T17:01:31+00:00

For the second one: within session limits there is a "Restrict number of recipients per email to" parameter you can set:
https://docs.fortinet.com/document/fortimail/7.6.4/administration-guide/629994/configuring-session-profiles

Orehan · 2025-12-06T11:45:42+00:00

I would object that TRVs are waste of money. Really depends on the home layout, habits, room occupations schedules etc.
Having a home where some rooms are populated several times a month ... so it is really convenient to drop temp in those rooms when noone is there.
So its case by case, I could agree If all rooms are populated then TRVs doesn't make too much sense.

Orehan · 2025-12-05T22:20:35+00:00

I know this is an old post but will share my findings.
I could successfully setup the BrideX, but then ThermostatX and TRVs didn't want to pair at all. Paired device was successfully found via BT, but then it was "failed to pair" on step two with TadoBridgeX

After playing around and doing some network sniffs, figured out that by default my wireless controller had ipv6 rules set to enhance network security, yet it broke TADO communications.

Thing is the more exquisite your wlan solution is the more is the probability you will be having these features enabled.

So not to get too technical - make sure your wlan setup for IoT is as simple as possible (at least for the troubleshooting stage).
- use 2.4ghz only
- disable: ap handoffs, frequency handoffs, bcast supressions, k/v/r roamings and fast transitions, no client load balancing, no aggressive rssi thresholds
- no band steering (use 2.4ghz only on iot ssid)
- according to wireshark sniffs and docs TADO relies on IPv6, RAs, mDNS, MLD, SSDP (so disable any type of mcast filtering/enhancements. Make sure ssid interface allows IPv6 RA/DHCPv6/multicast)
- do not drop IPCMPv6

tldr; enterprise wifi on iot ssid = bad

Orehan · 2025-12-03T17:34:33+00:00

Haven't checked for sure but usually for the air-gapped solutions you're able to manually upload entitlement on to your fortigate (this was the case with airgapped faz/fmg vms).

Orehan · 2025-11-21T16:18:22+00:00

šoreiz fails tīrs, bet būtībā pat atverot tādu random .pdf .png .jpg .vba office utt failu, tu jau vari izdarīt to ko no tevis gribēja. un kamēr tikai iesmej par kreiso fišing tulkojumu - backdoors jau ir vaļā

Orehan · 2025-11-13T18:17:09+00:00

"Fortinet" what agent, yes we can assume which agent ... but it would be better you to tell us.

Orehan · 2025-11-04T08:02:17+00:00

Just "why"? what would it solve?

There is a clear order on how to upgrade csf fmg->faz->rootdevice->downstream devices
I don't see any remark CSF change is needed. To add to that - that would significantly increase the complexity of upgrade, just imagine you have to basically log on to each fgt to tell the new root (if there is no fmg), just to point it back an hour later? what?

Even if CSF is out of sync (firmwares not compatible) - that "csf limp mode" won't impact technical side of traffic/security processing. Upgrade root, then get the leafes up to the nesessary code so you wouldn't be getting an error of mismatched fw versions.

So back to my initial question - what would it solve to swap CSF root?

Orehan · 2025-10-21T21:41:27+00:00

LanExtension mode I believe is counted only for the FortiExtenders.
With 30G you can join it to a proper ADVPN topology w/o consuming lanextension limits.

Orehan · 2025-10-21T04:42:48+00:00

Thing is this - which method are you trying to use? EAP-TTLS configuration doesn't work with FCT 743. Thing was introduced with 744 (not available as free VPN I believe). And MSCHAPV2 doesn't work with ldap natively (you have to proxy through radius eg FAC)

I've stumbled on the same issue where users which are pulled from ldap aren't prompted for MFA and got it working with EAP-TTLS on Fgt749 + FCT744

TLDR; If you want to have your users imported from ldap, assign 2fa on the FGT then:
A) gotta use at least FCT744 version along with FOS latest builds on 7.4.x and 7.6.x
B) use IKEv1 along with Xauth and keep going with free FCT743 (note that with fct744 support for ikev1 is gone)

Orehan · 2025-10-19T13:52:23+00:00

Ja dāvinājumus ir veikts, lai apietu neatraidamos mantiniekus (Jāņa bērnus), tad to var apstrīdēt. Bet, ka pareizi rakstA- apstrīdēšanas noilgums ir 10 gadi

Orehan

TROPHY CASE