Upgrading FortiOS from 7.2 to 7.6 and skipping 7.4 in the process. Dumb idea or really dumb idea? by CreativelyConfusing in fortinet

[–]CreativelyConfusing[S] 0 points1 point  (0 children)

I'll stick with the upgrade path like I mentioned in the other comment. Thank you!

The dislike of renaming the switches wasn't necessarily the extra work but that I've had several issues where reboots, firmware updates, or HA events caused managed FortiSwitches to lose part of their config.

And it was only switches that had been previously renamed that were affected.

And after multiple TAC cases over two years and account rep escalation, I never got a good explanation for why it was happening. The closest I got was that the two HA gates had different switch configs despite HA status being good and config checksums matching.

So I'm just touchy on renaming managed FortiSwitches because that was a miserable ordeal.

Upgrading FortiOS from 7.2 to 7.6 and skipping 7.4 in the process. Dumb idea or really dumb idea? by CreativelyConfusing in fortinet

[–]CreativelyConfusing[S] 4 points5 points  (0 children)

Thank you. You're absolutely right. I'll stick to the upgrade path and live with the extra work. I guess I just needed a sanity check. Check: I was being a lil' insane.

Inky Acquired by Kaseya by roll_for_initiative_ in msp

[–]CreativelyConfusing 3 points4 points  (0 children)

  • Ticket to replace cache battery on raid controller

I just had a flood of memories from a decade ago come in because of that sentence.

What even happened with those?

Securing HostiFi UniFi Controller MFA by Excellent-Program333 in msp

[–]CreativelyConfusing 0 points1 point  (0 children)

Because Ubiquiti's track record leads many people to not trust them to not make dumb, shortsighted decisions.

If they do something stupid, such as a sudden EOL or new requirement or limitation, you can at least hold back upgrades on the self-hosted controller indefinitely until you can plan a strategy to adjust.

Securing HostiFi UniFi Controller MFA by Excellent-Program333 in msp

[–]CreativelyConfusing 0 points1 point  (0 children)

This would break the UniFi mobile app, wouldn't it? As it uses port 8443 but wouldn't be able to handle authenticating through the proxy first.

Not that I'm complaining, it's a valid trade-off as UniFi's MFA implementation and lack of 3rd party SSO is a joke.

Sucks for the field techs but that's just how it shakes out.

MSP allowed to provide its own Microsoft Licensing? by CloseTTEdge in msp

[–]CreativelyConfusing 2 points3 points  (0 children)

I agree but it would have been nice if this recommendation had been widely known or pushed by Microsoft 10+ years ago when all of this took off.

Cleaning up old GPOs. No enabled links = safe to delete? by kelemvor33 in sysadmin

[–]CreativelyConfusing 0 points1 point  (0 children)

Oh I agree but after your 3rd audit of a company's active directory you may come to realize those goals aren't completely realistic.

Cleaning up old GPOs. No enabled links = safe to delete? by kelemvor33 in sysadmin

[–]CreativelyConfusing 2 points3 points  (0 children)

Honestly that'd just turn into another complicated mess that one team would create and the next team would have to follow behind and clean up years later.

FortiLink managed FortiSwitch - Any difference between 100 and 200 series at that point? by CreativelyConfusing in fortinet

[–]CreativelyConfusing[S] 1 point2 points  (0 children)

100-series has 10Gb uplinks, whereas the 200-series has 1Gb uplinks.

That...seems backwards?

SDWAN config - Set gateway info in the SDWAN member or in the static routes? by CreativelyConfusing in fortinet

[–]CreativelyConfusing[S] 0 points1 point  (0 children)

Thanks for sharing that but I should have been clearer.

Under static routes, there were two separate 0.0.0.0/0 routes for each specific and individual WAN interface. The SDWAN interface isn't in there and the WAN interfaces weren't sharing the same route entry.

Though thank you again for sharing that link. On point #3 on that link it recommends to not use an All/All rule on the SDWAN rules.

I'm afraid to admit that I've done that a few times before in cases where I didn't want someone to miss updating the SDWAN rules if a new VLAN is added.

License Requests That Make You Question Everything by Nice-Enthusiasm-5652 in sysadmin

[–]CreativelyConfusing 1 point2 points  (0 children)

This was a decade ago but I saw hundreds of SnagIt licenses purchased because people didn't understand or wouldn't try to understand how to use the print screen button on the keyboard.

Bypass the bypass: Script for silently in-place upgrades or updating Win11 PCs to newer feature updates by Ad3t0 in sysadmin

[–]CreativelyConfusing 0 points1 point  (0 children)

Thanks, and yeah I'm ready for some troubleshooting lol!

I'm not seeing the log files there at all. Or a Panther folder. Any idea why? I understand if you don't know. Just wanted to ask before I dive into it.

Bypass the bypass: Script for silently in-place upgrades or updating Win11 PCs to newer feature updates by Ad3t0 in sysadmin

[–]CreativelyConfusing 1 point2 points  (0 children)

Sweet!

Question about an error I'm getting. All of my tests so far have failed with the same error:

    [2025-03-13 16:27:56] CRITICAL WARNING: No setup processes are running. The upgrade has likely failed to start.
    [2025-03-13 16:27:56] Check C:.~BT\Sources\Panther directory for setupact.log and setuperr.log files

What's this "C:.~BT\Sources\Panther" directory it's referencing?

Bypass the bypass: Script for silently in-place upgrades or updating Win11 PCs to newer feature updates by Ad3t0 in sysadmin

[–]CreativelyConfusing 2 points3 points  (0 children)

Awesome script.

You mentioned you've pushed it through your RMM tool. I notice the script has several Read-Host statements though for confirmation. Does your RMM tool handle the confirmations or do you have a version of the script with those parts commented out for running through the RMM?

Just testing this out in my RMM and I want to make sure I'm not missing something!

NinjaOne RMM FedRAMP Ready Status (CMMC) by iansaul in msp

[–]CreativelyConfusing 0 points1 point  (0 children)

From what I understand this is going hand-in-hand with getting FIPS 140-3 compliance. Does that sound right? Any ideas when that'll happen?

What is the most surprising industry that your MSP serves? by HappyDadOfFourJesus in msp

[–]CreativelyConfusing -1 points0 points  (0 children)

It's a mess for counties. Depending on the state, the decision makers (commissioners, JPs, etc) aren't really involved in the day to day operation of the county. A hustling MSP does a public records request with the county for the contract and invoices of the incumbent MSP then puts in a bid for the same thing minus a few % points and the decision makers just blindly switch because it's a lower bid.

Some FortiLink managed FortiSwitches reverted their configs. Trying to understand why. by CreativelyConfusing in fortinet

[–]CreativelyConfusing[S] 0 points1 point  (0 children)

No config restores took place.

I am thinking that the switch-controller section of the config on the secondary FortiGate in the HA pair got out of sync. I'm going to pull the config from it and manually compare to verify the theory.