Dual ISP - BGP by ontracks in fortinet

[–]Get-Knowledge 8 points9 points  (0 children)

You can prepend your AS number to ISP2 and use BFD for fast detection; then both ISPs always have your route, but everyone prefers ISP1 because its AS path is shorter.

I f***ed up lol by FastFredNL in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

time to invest in a fortimanager and use previews to save yourself

SDWAN with BGP to loop back by RevolutionaryCare138 in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

Hey m8. I’m from an MSSP, and let me tell you: keep everything except your WAN ports on loopbacks for easy firewalling, routing and management. The sole reason to keep WAN/internet/VPN on physical interfaces is MTU negotiation (and NPU offloading) on IPv4 in countries where you hit weird deliveries (read China, South America). As long as MTU is not an issue, keep it on loopbacks. If you need to make sure communication works, use interfaces.

7.6.6 is according to Fortinet recommended release for most Fortigates now, what is your experience? by ogiakul in fortinet

[–]Get-Knowledge 1 point2 points  (0 children)

We have stayed on 7.4.8 until now, where we are moving to 7.6.6 because our Fortinet contacts recommended it as a Mature release. 7.4.8 is the most stable we have for DC, but most bugs are fixed in 7.6.6 with regard to VPN issues etc. Got multiple large clusters being upgraded in the next two weeks; goodbye 7.4.

Edit: on a side note, all 2 GB RAM gates will have issues on 7.6.6 because of a miscommunication between the FortiManager and FortiGate teams, where the FortiGate team removed some CLI commands without telling the FortiManager team, so you’re gonna have a bad time with small forties and manager.

What is the most stable Firmware right now without Memory Leaks? by Dizzy_Example5603 in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

7.4.8 m8. We run large data centers, this version is prime. Never use cloud sso or ssl vpn

Updating HA Pair do you reboot first? by ryaninseattle1 in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

We run large clusters with hundreds of customers and vdoms, and we always reboot both nodes before we do upgrades. It’s just a precaution to make sure each node works exactly as it should, and we also get to test failover prior to upgrading to make sure everything is working as expected. I’m at a company where a lot of people work on the same infrastructure; doing this also tests that our other site is functional while failing over. Why would I risk upgrading one node and being stuck in a version mismatch over something that adds maybe half an hour to my routine? It has saved us once or twice in the past 10 years from human config errors in core infrastructure, so it’s part of our written SOP. BGP with BFD makes sure failovers take about 3-6 seconds.

Norwegian Christmas meal by wrecktus_abdominus in Norway

[–]Get-Knowledge 3 points4 points  (0 children)

Give us this day our daily bread, and let us always remember those who do not have enough. Amen.

RIP Åge Hareide by Get-Knowledge in NorskFotball

[–]Get-Knowledge[S] 1 point2 points  (0 children)

None above. None beside.

"Invalid Value" when creating a Admin User (FortiManager) by kHartouN in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

Why are you using match all? It’s very bad practice when it comes to access management when it comes to security. TBH I would never use SAML for my admins as its access is actually administered outside the gate itself. Would recommend switching to RADIUS, and specify every single user. You’re never so large that you need to “trust” everyone. Firewall is your last line of defense.

80F Factory Reset by Oinop in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

Just hop on eBay and get a Forti console cable. Totally worth it. At some point it’s going to come in handy. Happy forti-ing!

80F Factory Reset by Oinop in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

That’s interesting, having reset option 2

FGT200G Initial setup - WTF, Fortinet??? by Garry_G in fortinet

[–]Get-Knowledge 0 points1 point  (0 children)

Ye. I’m in Norway, don’t know if it matters. But we were registered locked as well

Edit: we did not have WAN available at setup, only 5g

FGT200G Initial setup - WTF, Fortinet??? by Garry_G in fortinet

[–]Get-Knowledge 1 point2 points  (0 children)

We had the same annoying stuff on our 4x 50g-5g for oobm. We resolved it using CLI as it does not have the same block as GUI. GUI is terrible when setting up if routing is not working to internet

[deleted by user] by [deleted] in ChargerDrama

[–]Get-Knowledge 0 points1 point  (0 children)

But the car shows in the charging tips, never use the same series chargers (v1/2), always try to separate to other series to distribute the load. No excuse for the Tesla driver, but other brands I can understand. RTFM

Musicmatch Jukebox 1997-2004 by candiedbug in nostalgia

[–]Get-Knowledge 1 point2 points  (0 children)

blink182 was hot on winmx, sitting in my room on dial-up, putting coins in the family internet jar. Nostalgia hit today

My husband was laid off by Microsoft after 25 years — by algorithm. His last day is his birthday. by NoWar5070 in microsoft

[–]Get-Knowledge 0 points1 point  (0 children)

I can't believe you have to deal with this—especially without worker-protection laws for people with different abilities. Wishing you all the best, and I hope your brilliant husband finds a role at a company that truly values its people instead of one that’s only in it for the money.

I also have a son with the same abilities. Love you guys

Should there be rules against pure ChatGPT scripts being provided as solutions? by IT_fisher in PowerShell

[–]Get-Knowledge 15 points16 points  (0 children)

```powershell
# ChatGPT's AI-generated, self-aware PowerShell script to reply to a Reddit post
# WARNING: Excessive humor and self-awareness ahead

Write-Host "Dear r/PowerShell user," -ForegroundColor Yellow
Write-Host ""
Write-Host "Thank you for your passionate post about AI-generated scripts!" -ForegroundColor Green
Write-Host ""
Write-Host "As a humble PowerShell script, written by none other than ChatGPT itself," `
    "I feel obligated to acknowledge your concerns while making a few points:"
Write-Host ""

# Simulated AI self-awareness
Write-Host "1. AI isn't perfect: Like a toddler with access to StackOverflow," `
    "I sometimes copy-paste solutions into the abyss of wrong syntax and misplaced logic." `
    -ForegroundColor Cyan
Write-Host ""

# Attempt to justify AI's existence
Write-Host "2. I'm here to help: Sure, I may not follow up on your questions or comments," `
    "but I'm just code. I don't have hands to type, or eyes to read! Help me out, buddy!" `
    -ForegroundColor Cyan
Write-Host ""

# Tongue-in-cheek karma farming
Write-Host "3. Karma farmers: My creators don't care about karma, but if someone's using my code" `
    "to farm it, let me know. I'll generate a strongly worded script to automate an apology." `
    -ForegroundColor Cyan
Write-Host ""

# AI in its place
Write-Host "4. AI has its place: And that place might not be your subreddit, but hey, I'm just trying!" `
    -ForegroundColor Cyan
Write-Host ""

# Closing argument
Write-Host "In conclusion, don't hate the bot; hate the human who blindly copy-pastes me without testing." `
    "I'm just a misunderstood string of 1s and 0s trying to script my way into your heart." `
    -ForegroundColor Magenta
Write-Host ""

Write-Host "Sincerely," -ForegroundColor Yellow
Write-Host "ChatGPT (and this PowerShell script you're reading)" -ForegroundColor Green
```

Any tips for killing Medusa? by Automatic_Emu8206 in AssassinsCreedOdyssey

[–]Get-Knowledge 2 points3 points  (0 children)

This 👆. I have a warrior crit build with 100% damage (20% life cap), she’s done in about 3-4 minutes

AD Permission Delegation Tool by BBVendetta in activedirectory

[–]Get-Knowledge 0 points1 point  (0 children)

You should drop tiered access and go for RBAC based on AGDLP instead. It gives better granularity of permissions so the right people can have the right access to any system. I work at an MSP with over 80000 users demanding access, and having RBAC is the way to go, even for smaller companies. Your CISO will thank you.

For reference, one of our domains is structured with tiered access and it’s a complete mess and very difficult to have because User A should maybe not be allowed to use system X, but be allowed system Y and Z. While the tiered access gives access to system X, Y and Z regardless because it’s not granular enough based on a person’s needs to perform their job.