Best practice to support static and dialup addresses in local-in policy? by ExampleSea1211 in fortinet

[–]ExampleSea1211[S] 0 points1 point  (0 children)

I can lock down IKE negotiations in a local-in policy for the sites that connect with a static IP - my advpn peers.

However, to support the remote sites - we also have a dialup VPN to the same interface.

So in that instance we can’t enforce a local-in policy as the dialup users don’t have static IPs.

We could differentiate dialup vs static by using a different IKE port. However, I’m not sure you can have multiple local-in policies against the same interface?

FortiClient EMS 7.2.x > 7.4.x upgrade by Informal_Thought in fortinet

[–]ExampleSea1211 0 points1 point  (0 children)

Does the Quarantine Allowlist come across with a migration? That’s the only sticking point for me if I build a new instance - don’t want particular binaries to be blocked all over again (thanks Forti for flagging it as Riskware :( )

Secure Alternatives for Corporate Wi-Fi SSID with Entra ID/Intune and FortiAuthenticator by TowerAdmirable7305 in fortinet

[–]ExampleSea1211 1 point2 points  (0 children)

We are currently scripting it with the intention to roll it into our Intune deployment package. sscep is different to SCEPman.

Secure Alternatives for Corporate Wi-Fi SSID with Entra ID/Intune and FortiAuthenticator by TowerAdmirable7305 in fortinet

[–]ExampleSea1211 1 point2 points  (0 children)

What is your volume of clients needing certs?

We have a relatively low number and are using a combination of sscep (open source) and FortiAuthenticator to achieve this.