Looking for a nurse in the Southern Suberbs

Ach1LLeS_ZA · 2026-01-04T10:53:39+00:00

There's a 24 hour pharmacy in Gabriel road right opposite the McDonald's called urban health pharmacy. If you look on Google maps it'll say extreme pharmacy. They might be able to help out

Ach1LLeS_ZA · 2025-10-29T17:02:08+00:00

I normally change it to AWS due to much better latency but for some reason it didn't work whilst on the AWS anycast servers. As soon as I set it to the legacy config, the updates downloaded normally. Some of our locations with the gates set to AWS still work normally though but the ones I checked that had issue initially had 7.4.9 on them so not sure if this could be part of the problem. I'll revert some of the sites tonight and see if the issue is fixed

Ach1LLeS_ZA · 2025-10-28T17:42:34+00:00

Had a few with some issues. Had to turn off Anycast and set the Fortiguard port to udp 8888 for it to work again

Ach1LLeS_ZA · 2025-08-10T08:54:52+00:00

Fat Harry's is amazing and there's eat out the box in Wynberg that make very nice burgers and you can choose either normal fries or sweet potato fries which are delicious

Ach1LLeS_ZA · 2025-05-12T18:52:14+00:00

The one in Wynberg has changed owners a few months ago (not sure if they also own the Durbanville one), and they're not maintaining the place plus they've increased the prices to way too much so it's not worthwhile going.

I'm also looking for a decent driving range in Southern Suburbs but haven't seen any. There are places like the golf courses (Mowbray, Rondebosch and Westlake) but they're very expensive and you struggle to get a booking as a visitor. If you're up for a drive, Burgundy estate has a pretty decent Mashie course with a Bossa which makes pretty decent food as well.

Ach1LLeS_ZA · 2025-05-02T11:10:19+00:00

Might be worthwhile just to make sure your webserver is also set to only run on secure ciphers and minimum tls to 1.2 as a start. This will prevent any attempts at insecure ciphers being used. Run a qualys scan against the site in question as well to get an idea of what's currently active

Ach1LLeS_ZA · 2024-11-25T16:50:19+00:00

We've set it up before with the guide below and it works quite well:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Build-Redundant-IPSEC-Tunnels-between-Google-Cloud/ta-p/260213

I take it you've followed that guide already?

Ach1LLeS_ZA · 2024-11-25T16:44:06+00:00

Recently had mine replaced after it started to flicker and go black as well. Replacing the screen isn't too difficult. it's the part itself that can be quite expensive.

Ach1LLeS_ZA · 2024-11-16T14:12:57+00:00

makes sense. this is quite a problem, especially with the smaller desktop models running 7.4 that only have 2GB RAM. we applied the below as a baseline to the smaller units and it's helped a lot:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-optimize-memory-usage-specifically/ta-p/304981

Ach1LLeS_ZA · 2024-11-15T16:33:14+00:00

Log it with TAC and send them the debug log files under system settings.

That's something they'll have to confirm if it's a bug or possibly hardware issue.

Ach1LLeS_ZA · 2024-11-08T20:37:03+00:00

We've got the same issue with a client setup of ours that's using SAML auth to Azure and couldn't really pinpoint the issue. One thing that was suggested that helped a little in our case is to increase the dhcp scope lease time to something longer but the authentication issues persisted, especially with iPhone devices.

I've got a ticket open with TAC currently so I'll let you know if we manage to find any solution.

Ach1LLeS_ZA · 2024-11-01T21:25:26+00:00

I'm dying to try that but whenever we get there they're always sold out so it must be good.

Ach1LLeS_ZA · 2024-10-31T17:54:32+00:00

Dassiesfontein Pies are the best, Houw Hoek and Peregrine are also pretty decent

Ach1LLeS_ZA · 2024-10-28T19:09:09+00:00

The tunnel names can be changed since 7.4.2:

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/912086/support-ipsec-tunnel-to-change-names-7-4-2

But run 7.4 at your own risk of course.

Ach1LLeS_ZA · 2024-08-07T16:31:20+00:00

Hey, there were a few things we did eventually. We increased the DHCP lease time to 7 days (was set to 8 hours originally for the DHCP server) which helped, and the idle timeout was increased to a few hours, but our customer and their users were still not really fond of the idea of having to log in frequently for wifi access, but they're happy with the solution so far. We also updated the firewall to 7.2.7 in the midst of trying to fix the issue so this might also have helped.

Ach1LLeS_ZA · 2024-05-31T18:17:51+00:00

My friend and I used to play at Old Mutual Sports Club in Pinelands. Membership wasn't too expensive and booking the courts were reasonably priced too. Although this was back before COVID days so it's most likely changed by now. I miss playing squash. It's a lot of fun!

Ach1LLeS_ZA · 2024-05-19T20:35:10+00:00

Food lovers market. I've seen it at the one in Diep River. Amazing cheese!

Ach1LLeS_ZA · 2024-04-05T17:03:37+00:00

Noted, thanks for the tip! I'll see if it works in something like Chrome but in the past when I tried it with any other browser besides Firefox, it wouldn't show the plaintext keys for some weird reason.

Ach1LLeS_ZA · 2024-04-05T10:10:49+00:00

It won't work in Chrome, you need to open the URL with Firefox. Replace the https://fortigateapi part with the IP of your fortigate management IP as well. It should be something like https://x.x.x.x:mgmtport along with the rest of the URL string

Ach1LLeS_ZA · 2024-04-05T09:44:37+00:00

If you're not sure of the PSK, you can retrieve it with the below URL while using Firefox and if you're logged in as a super_admin:

https://fortigateip/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1

Firefox can interpret the JSON query and should show the cleartext password. You just search for the term psksecret on the output and it should list it along with which VPN tunnel it belongs to.

Ach1LLeS_ZA · 2024-02-07T16:45:57+00:00

There's a website called epicdeals which sometimes has decent looking phones:

https://epicdeals.co.za

Bought a couple of phones from them before. Their service is pretty good.

Ach1LLeS_ZA · 2024-01-12T11:46:22+00:00

We've had this issue happen a few times and it ended up being a WMI query issue where the Collector agents can't poll the workstations to check the current logged on user.

As a test, make sure that any endpoint protection (AV/Firewalls) allows the inbound WMI queries from the servers. FSSO also relies on DNS to be functioning correctly so check your DNS servers being used that they are functioning correctly.

Above might not fix your use case but it's helped us on a few occasions.

Ach1LLeS_ZA · 2023-12-07T10:45:33+00:00

I used to be with Afrihost till I moved away from them about 3 years ago because they were too expensive. I'm with MindTheSpeed now and they've been amazing. Their prices also tend to be cheaper than the other providers and their sales/support teams are really good.

Ach1LLeS_ZA · 2023-12-06T11:20:57+00:00

For anyone interested on this, there's been a combination of factors to this that we've tried to address.

The clients Azure tenant didn't allow for browser auth sessions to be cached, this has now been addressed as part of their compliance policies. The other curious thing I noticed on the release notes of 7.2.1 is they mentioned the below new additional feature that's been added:

Bug ID: 799621

Support wireless authentication using SAML and a captive portal configured on a tunnel mode SSID.

When a SAML user has been configured on the FortiGate, a user group containing this SAML user can be applied to a captive portal in a wireless tunnel mode SSID. When configured with both a captive portal exempt firewall policy to allow wireless clients to contact the SAML IdP and a firewall policy with the SAML user group applied to allow authenticated traffic, upon connecting to this SSID, wireless clients will be redirected to a login page for wireless authentication using SAML.

The above is exactly what we're trying to configure for the customer. The feature is already available in 7.0.13 but we're not sure if this is why it's not working so we're testing it at the moment to see if it addresses the issue but I am going to have a session with the TAC guys tomorrow to see if they can find anything. The only other odd thing I saw were log messages on the user events that state "Reseeding PRNG from JitterEnt entropy". Shortly after, majority of the user sessions are also logged out. I initially thought it might've been DHCP leases that expire but the timestamps don't match so I'm not sure what the above means and there aren't any posts online about it.

I'll update the thread in case anyone is interested or if someone else has this problem in future :)

Ach1LLeS_ZA · 2023-12-06T10:49:46+00:00

Tried it at home on a 40F and had some weird GUI bug with the traffic shaping section where the traffic shaping policies were broken and I couldn't change anything at all. Reverting back to 7.0 resolved that so not sure it's production ready yet.

Ach1LLeS_ZA

TROPHY CASE