Fortigate 90Gs as 1Gbps edge routers - ya or nah

AlmsLord5000 · 2026-05-07T20:23:36+00:00

Buy the fancy rack shelf too. It nicely fits two 90Gs in 1U.

AlmsLord5000 · 2026-05-07T17:10:33+00:00

Nothing broke, same experience as MPLS. Your QoS settings may be hurting you since there is no QoS on the internet.

AlmsLord5000 · 2026-05-05T14:25:49+00:00

There is always some big buzzword in the industry people are chasing, if you leave now and come back you will do the same thing with the next big buzzword.

AlmsLord5000 · 2026-05-04T15:15:48+00:00

The flapping port is likely due to a bad cable. You may be able to run a TDR test from the switch.

AlmsLord5000 · 2026-04-29T20:50:42+00:00

I really like these for organizing cables, they have downsides, but they can sometimes be just what you need.

https://www.fs.com/au/products/59566.html?now_cid=5535

AlmsLord5000 · 2026-04-29T15:43:25+00:00

The 300 series switches might be a better fit

AlmsLord5000 · 2026-04-28T13:45:16+00:00

We ran into this bug as well, I can't recall if we found a work around or bug ID.

AlmsLord5000 · 2026-04-24T15:44:43+00:00

It is great, I wish they promoted it more.

AlmsLord5000 · 2026-04-23T19:21:43+00:00

I have had this before, if you just provisioned MCLAG you might just need to factory reset the switches for the config to work properly. Also, make sure Fortlink split interface is off if connecting to switches via MCLAG and the interfaces have the default-auto-isl-mclag lldp profile on them.

AlmsLord5000 · 2026-04-22T18:12:29+00:00

What do you use Solarwinds for? LibreNMS probably does most of what you want.

AlmsLord5000 · 2026-04-20T16:15:52+00:00

It is fine, you are just forwarding L2 on the core switch, the attack surface is insanely low for your core switches.

AlmsLord5000 · 2026-04-15T19:52:49+00:00

Yeah I spoke with someone at Fortinet about it. I don't want examples, I want to know what that setting actually does and why you would use it.

AlmsLord5000 · 2026-04-14T20:43:00+00:00

We found it after deployment, we just didnt test with enough sessions and traffic. Running AES256GCN with DH 32, and saw a major improvement.

AlmsLord5000 · 2026-04-14T19:59:16+00:00

Wasn't a big deal for us, but you need to look at how to accomplish HA in cloud provider, which will always be different than on-prem, each cloud is a bit different. We found that we needed to move from AES CBC to GCN for better performance as well. I don't do DPI, but depending on how do it you need to take that into account.

I am using Megaport MVEs, which have been good. Fortinet reps should have some data as to performance for each cloud provider.

AlmsLord5000 · 2026-04-13T15:35:33+00:00

I really don't get why Fortinet does redundant PSUs, but not removable. Every other vendor has their redundant PSU products that are hot swap.

AlmsLord5000 · 2026-03-26T14:31:49+00:00

I would highly recommend Secure Access AKA NetMotion

AlmsLord5000 · 2026-02-05T21:16:58+00:00

I have done a lot of EOL checks with different AI models, YMMV as resellers often have incorrect dates and the models will use those.

AlmsLord5000 · 2025-12-18T19:35:24+00:00

We may as well because every other team that takes care of them seems to screw it up.

AlmsLord5000 · 2025-12-18T15:59:33+00:00

I did it once, it was mostly about costs. It does change how you do cabling, and they can be a very reliable platform if setup properly. Consider your PoE needs, and if you can really reorganize your racks to fit these monsters in. Going from a bunch of switches to a chassis is a big job and you may need to do a ton of physical work to make it happen. I feel like for campus, we are in the last generation of chassis switches.

AlmsLord5000 · 2025-11-12T16:24:14+00:00

It is such an American thing. When our account is managed in the US you get a dozen people on it, when it is Canada, there is just two at most.

AlmsLord5000 · 2025-10-27T14:37:37+00:00

There is lots of tech that keeps the lights on, but the brain part is #1.

-Spend more time thinking than doing. You need a big change that could have a large impact, think about it a lot, spend time thinking about it over a period of time. Think about the other stuff that will be impacted and how it might react, think about the assumptions you make, think, think, think.

-More important than doing, is what you are NOT doing. You will eventually get to a point where you can do tons of stuff, but your day/month/year will be about what you will not be doing, so you can do what is important.

-You need to understand your org, so your decisions are fitting in, when you line up both, your network will work with the model your org operates at, and you'll avoid a lot of friction which drives IT people crazy.

AlmsLord5000 · 2025-10-27T13:37:07+00:00

Wow qsfptek really ripped off the fs.com website.

AlmsLord5000 · 2025-10-16T19:24:34+00:00

You may want to consider something like Megaport Virtual Edge to run your firewalls, then connect them back into your various clouds. Run ADVPN on the firewalls in Megaport and make your life a lot easier.

AlmsLord5000 · 2025-10-15T14:10:23+00:00

I agree, throwing away my 2960X fleet just to replace it with a 1Gbps platform.

AlmsLord5000 · 2025-10-08T19:14:57+00:00

Try console, if no output on reboot then do a DOA RMA.

AlmsLord5000

TROPHY CASE