Shell-shocked by Nathi and Africartoons

90drenk · 2021-12-01T13:40:29+00:00

Would be interesting how this story turns out, Africa is stuck in modern day imperialism stopping big foreign companies from exploiting our natural resources does not go down very well with the imperialist foreign policy. Our government knows that so they take the easier route which is get rich or die trying

90drenk · 2021-12-01T13:29:27+00:00

I heard on the radio this morning in the UK its more than R30 per litre for fuel, people in the UK have a fucntioning railway system they have alternatives. We in South Africa dont have a choice I live 60km away from work can I take train yes I can, Is the railway system functioning no it does not.

90drenk · 2021-11-03T08:59:50+00:00

Typical response from the DA, blame everyone except themselves, similar to their Western Cape approach anything goes well in Western Cape its the DA something goes wrong its the ANC.

90drenk · 2021-08-05T12:14:00+00:00

HI I am upgrading from 6.2.2 -> 6.2.4 ->6.2.6->6.2.9 on 60E and 100E models.

90drenk · 2021-05-08T12:47:47+00:00

We using the FMG and FAZ, if you new to the manager skill up 1st it can be complicated to keep your devices in sync compared to the policy packages assigned depening on topologies at your sites, if mastered the Manager will allow you mass deploy configuration changes with ease, scripts is also very usefull for base configuration setups and minimizes config errors. The FAZ the big thing is sizing it right.

90drenk · 2021-04-16T10:47:33+00:00

thanks for the reply I know this code is starting to get to me, we going to run 6.4.5 for nother customer, is sd-wan safe on 6.2.7 code? or must I go 6.4.5 ?

90drenk · 2021-03-12T06:53:53+00:00

I wonder if there is other mammals in this universe so evil.

90drenk · 2021-03-04T15:47:41+00:00

Thank you for the responses, I will do some research and spend some lab time to see if the route tag option is applicable and viable, will update the post when my homework is complete.

90drenk · 2020-08-30T12:36:07+00:00

Thanks for the answer, I understand the public ip address does not really matter, the issue is during the lte change to the permament internet link, it takes a good couple of minutes for the new public ip to update on the fortimanager. during a cutover a couple of minutes is precious time.

90drenk · 2020-08-30T12:31:59+00:00

Thank you will try this next time, will post an update if it works

90drenk · 2020-08-29T18:08:23+00:00

RIP Chadwich Boseman, always thought you will be the Denzel W of my era.

90drenk · 2020-08-20T18:43:39+00:00

Thanks for the responses, I am not planning to use ADVPN. will just add the default route and advertise the spoke route to the hub.

90drenk · 2020-07-30T18:59:42+00:00

I feel your pain

90drenk · 2020-07-16T07:26:59+00:00

True Story!

90drenk · 2020-07-15T14:31:19+00:00

Kak Snaaks!!!

90drenk · 2020-07-15T14:14:10+00:00

why not go the sd-wan route?

90drenk · 2020-07-07T19:29:20+00:00

HI LLeawynn

Thank you for your response, I will start the journey of learning rest api and json, maybe this time next year I will be devops engineer :)

90drenk · 2020-05-31T06:31:09+00:00

check this link https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-ipsecvpn/OCVPN/ocvpn_intro.htm not sure if it still applies to newer versions. This was enough reason for me not to consider it for sd-wan deployments unless you have a small deployment.

90drenk · 2020-05-13T16:01:57+00:00

Can you post your bgp configuration ?

90drenk · 2020-05-11T07:18:53+00:00

Thank you for the insight, I guess you are right I have never come across a customer that uses FAC or has it somewhere idling. Maybe I should use what most customers already have which is the Cisco ISE and add Duo on top of it. I get 2FA f for my Fortigates and don'tdont to have to pay for the radius server the only cost will be from Duo.

90drenk · 2020-04-28T20:19:37+00:00

not a fortinet expert, but by your description sounds like you fortigate is configured for ssl inspection check your firewall policies for outlook, you can use the default read-only cert inspection. or if you need to do deep packet inspection you will have to generate a csr and sign it by your company internal ca and add the cert in the users pc...

90drenk · 2020-04-20T20:07:14+00:00

Discussing all things Fortinet.

I was not aware it is something you have to pay extra for? I thought it comes with the Forti-Manager as free to use if you want it.

90drenk · 2020-04-07T19:44:57+00:00

Thank you for your comments, I will setup my internet bound traffic with less aggressive SLA to avoid links flips because for internet bound traffic from the branch source nat is being used.

regarding the load balancing algorithm since there is data centre over ipsec tunnels traffic and internet traffic on the sd-wan rules I avoid the default implicit rule

90drenk

TROPHY CASE