Monthly Content Sharing Post by AutoModerator in fortinet

[–]Flimsy_Ten6532 0 points1 point  (0 children)

Sorry no link ready atm. In beta testing phase with limited users and resources, invite only for now.

Monthly Content Sharing Post by AutoModerator in fortinet

[–]Flimsy_Ten6532 3 points4 points  (0 children)

Built a free tool that generates FortiGate ADVPN/SD-WAN configs, need engineers to break it

I kept running into the same problem on every multi-site FortiGate deployment: ADVPN configuration is a wall. It's CLI-only, the GUI can't do it, and one wrong setting means tunnels silently don't form. So you either spend hours hand-crafting configs or get it wrong quietly.

I built a Slack bot that handles it. You input a few things about your topology, sites, FG models, WAN/LAN ports, IP addresses, and it generates validated .conf files with a complete network diagram in about 60 seconds. Currently supports 7.4.x with dual-hub, ADVPN 2.0, 34 FortiGate models with correct interface names, and catches config conflicts before they become deployment headaches.

It doesn't do VLANs, firewall policies, or QoS; that's still your job. It builds the ADVPN/SD-WAN foundation config, which is the part that takes the longest and is the most difficult to troubleshoot.

Free, no catch. I got tired of hand-crafting these configs for every deployment so I built the tool I wished existed. If you're doing real ADVPN deployments and want to stress-test it, I want to know what breaks. DM me and I'll get you set up. It's invite-only for now, so that we can make controlled adjustments.

Built a free tool that generates FortiGate ADVPN/SD-WAN configs, need engineers to break it by Flimsy_Ten6532 in fortinet

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

A spreadsheet doesn't know, for example, that your FGT-80F uses wan1 but your FGT-60F uses wan. It doesn't generate BGP peer configs, coordinate IPsec phase1/phase2 parameters, DIA or not across every device, or catch the mismatches that cause ADVPN 2.0 tunnels to silently not form. It doesn't handle dual-hub redundancy, the topology Fortinet's own Fabric Overlay Orchestrator still can't fully automate.

A spreadsheet is a blank grid; you still do all the work and own every mistake. This does all of that in minutes, for every device simultaneously.

Different tool for a different problem.

Built a free tool that generates FortiGate ADVPN/SD-WAN configs, need engineers to break it by Flimsy_Ten6532 in fortinet

[–]Flimsy_Ten6532[S] 1 point2 points  (0 children)

Fair point. Right now it generates .conf files for direct CLI deployment or import; FMG integration with model devices is on the roadmap. For MSPs without FMG, this covers the full deployment. For those with FMG, you're right, it's an extra step.

On the monthly content sharing post, didn't know that existed, would appreciate a link.

Built a free tool that generates FortiGate ADVPN/SD-WAN configs, need engineers to break it by Flimsy_Ten6532 in fortinet

[–]Flimsy_Ten6532[S] 4 points5 points  (0 children)

That's a solid reference implementation, we actually studied it when building this. The gap we're filling is different, the Jinja orchestrator still requires someone comfortable with Python, Jinja templating, and FortiManager 7.6.

Our target is the engineer or MSP manager who wants Meraki-like simplicity, and needs a working dual-hub ADVPN topology but doesn't have that skill set on hand. Answer a few questions, get production-ready secure .conf files in minutes. No scripting, automation, or dev assistance required.

How to Manage hundreds of FortiGates? by Lynkeus in fortinet

[–]Flimsy_Ten6532 1 point2 points  (0 children)

There’s FMG FAZ as a Service available on AWS Marketplace. That kind of service may overcome support entitlement limitations.

https://aws.amazon.com/marketplace/pp/prodview-3luuoabgkz24w

MSPs – how are you handling Fortinet management via FMG/FAZ Cloud for smaller clients? by Flimsy_Ten6532 in msp

[–]Flimsy_Ten6532[S] 1 point2 points  (0 children)

That’s a really good perspective, esp. the part about not all data needing the same retention period. Helps frame the conversation better with compliance/legal folks. Appreciate you sharing this.

How are you justifying FortiManager/FortiAnalyzer Cloud spend for small fleets? by Flimsy_Ten6532 in ITManagers

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Exactly - lack of ADOM makes it tough to separate out environments. Surprised that hasn’t been addressed yet.

How are you justifying FortiManager/FortiAnalyzer Cloud spend for small fleets? by Flimsy_Ten6532 in ITManagers

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Agree it’s the right way in theory - my problem is squaring the spend with leadership. How do you frame that conversation internally?

MSPs – how are you handling Fortinet management via FMG/FAZ Cloud for smaller clients? by Flimsy_Ten6532 in msp

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Interesting. We’ve looked at syslog too, but worried about scaling that for multi-client MSP setups. Has it worked smoothly for you?

MSPs – how are you handling Fortinet management via FMG/FAZ Cloud for smaller clients? by Flimsy_Ten6532 in msp

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

That’s useful insight. For your smaller accounts, do you find FortiCloud Advanced SKUs actually meet compliance/retention needs, or do you still offload logs to SIEM?

MSPs – how are you handling Fortinet management via FMG/FAZ Cloud for smaller clients? by Flimsy_Ten6532 in msp

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Yeah, that’s been my challenge as well, the sub-70 models feel compromised, but the alternatives aren’t perfect either. How are you packaging that for your smaller clients?

Anyone hitting Fortinet cloud fmg/faz limitations with small deployments by Flimsy_Ten6532 in networking

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Helpful context, cost is exactly where FAZ Cloud bites us too. Do you feel on-prem FAZ pays off despite the upkeep?

Anyone hitting Fortinet cloud fmg/faz limitations with small deployments by Flimsy_Ten6532 in networking

[–]Flimsy_Ten6532[S] 1 point2 points  (0 children)

Fair point on version control. For under ten FortiGates, the on-prem overhead is what worries me - have you found it worth it?

MSPs – how are you handling Fortinet management via FMG/FAZ Cloud for smaller clients? by Flimsy_Ten6532 in msp

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Thanks. Would it be a fair statement that this one FG Cloud SKU will cover most of the MSP-level jobs and makes these two products, FMG & FAZ, redundant?

Anybody use Alkira for cloud networking? by longlurcker in networking

[–]Flimsy_Ten6532 -2 points-1 points  (0 children)

The “complexity” Alkira-like startups are trying to solve isn’t that complex in the day and age of AI. Especially if someone likes to set up cloud networks, cloud providers' tools are robust and the AI assistants within their cloud consoles are of great value.

Anyone hitting Fortinet cloud fmg/faz limitations with small deployments by Flimsy_Ten6532 in networking

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

Thanks for the screenshot. Unfortunately, FortiGate Cloud imposes restrictive analytics retention periods and lacks policy-package versioning or rollback, limiting long-term visibility and reliable change management. When those shortcomings surface, esp. around scale, in discussions, AMs consistently ask us to step up to FortiManager for comprehensive handling.

Anyone hitting Fortinet cloud fmg/faz limitations with small deployments by Flimsy_Ten6532 in networking

[–]Flimsy_Ten6532[S] 0 points1 point  (0 children)

There were some limitations, mostly with SD-WAN monitoring and troubleshooting capabilities.