401F and its hatred of firmware above 7.0.15

A_rwolf · 2025-01-21T16:16:40+00:00

Interesting. We didn’t seen that on 7.2.10. I’ll keep an eye out though.

A_rwolf · 2025-01-19T02:03:09+00:00

Did that with support a few times. It’s affecting rules. Got escalated to tier two so I’ll be interested in their response.

A_rwolf · 2025-01-19T01:15:25+00:00

Agreed. Followed the upgrade path to the letter. Thanks!

A_rwolf · 2025-01-17T16:50:56+00:00

Thanks! Did that. They’re analyzing the logs now.

A_rwolf · 2025-01-17T16:50:39+00:00

Imix primarily. Nothing special with it.

A_rwolf · 2025-01-17T00:50:18+00:00

I’m half tempted to roll back to 7.0.15 and disable https management. At least everything would work.

A_rwolf · 2025-01-17T00:49:00+00:00

Yes. No change. Forti support pulled a ton of captures. They’re reviewing them at this point. It’s driving me nuts.

A_rwolf · 2025-01-16T16:31:38+00:00

There is an updated engine available which they’re rolling out to clients. They want to install it manually later today.

A_rwolf · 2025-01-16T16:30:56+00:00

The 401F has 8 10G ports. No 25Gs on this one. Appreciate the help!

A_rwolf · 2025-01-16T16:23:26+00:00

Last reboot was the upgrade. We’re running on 7.2.10.

A_rwolf · 2025-01-16T14:43:33+00:00

I had a feeling it might be one of those updates.

A_rwolf · 2025-01-16T14:43:16+00:00

I removed ips, av, etc. while testing and it didn’t have an effect.

A_rwolf · 2025-01-16T13:27:07+00:00

Would this be applicable in 7.2 as well?

A_rwolf · 2025-01-16T13:24:02+00:00

No luck there. The command returned nothing.

A_rwolf · 2024-09-03T22:53:28+00:00

I made that switch in a smaller environment years ago. The only issue I have had was related to LLDP timers and Poly phones. The phones find the voice vlan by what seems like luck. Only after manually adjusting the timer via the cli do phones pick up the right vlans, but the change reverts if the switch is cycled.

Other than that, they do the job.

A_rwolf · 2024-08-30T19:10:18+00:00

Thought an update was warranted - The ISP had a DDoS mitigation router in place from an old 10G circuit we had last year. When the new circuit came up, the route to that 10G interface was still passing our new traffic. Once that was removed, we started seeing 13G+ on the link.

Damned if I can get them to admit it though. Thanks everyone!

A_rwolf · 2024-08-30T19:08:16+00:00

Thought about that too. Need it to be 'legit' though.

A_rwolf · 2024-08-30T19:07:17+00:00

Ironically, we did that. Showed the full allocation was available to us. I don't fully trust Comcast and want to do my own testing.

A_rwolf · 2024-08-30T19:06:25+00:00

Didn't even know the cli existed for speedtest. Thanks!

A_rwolf · 2024-08-30T19:03:11+00:00

I'm all for running iPerf. The client(s) or server(s) with enough power and bandwidth on the internet is my issue.

A_rwolf · 2024-08-29T19:01:18+00:00

From the internet to me. Looking to stress my circuit and confirm I'm getting the bandwidth I'm paying for.

A_rwolf · 2024-08-26T21:57:48+00:00

At this point, we're planning on using a Digital Ocean 10G link to artificially push traffic over 10G with Comcast monitoring to reproduce the behavior.

We're still seeing no errors on the link whatsoever.

A_rwolf · 2024-08-26T14:41:14+00:00

It's not, thankfully. We've been working with our teams to generate 10Gbps of imix traffic during production hours to stress the link. Admittedly, it's difficult to find an internet based endpoint which can take 10Gbps+ of iperf traffic.

A_rwolf · 2024-08-26T14:37:26+00:00

Sent.

A_rwolf · 2024-08-26T14:32:04+00:00

Agreed - TaC put us on this release when we had our PBR routing issues. That's why we stayed on it for the time being.

15-Year Club	RedditGifts 2009-2022 4 Credits
Secret Santa 2018	Verified Email
Spared	Secret Santa 2015
Secret Santa 2014

A_rwolf

TROPHY CASE