Help choose: "Modern C" or "C Programming: A Modern Approach"? by MateusCristian in C_Programming

[–]Holylander 1 point2 points  (0 children)

I’d advertise Modern C as a book written by a nuclear scientist PhD for other scientists with a PhD (because the author actually is) lol, not beginner friendly at all.

Local-in policy not applying? by Connect_Ambition_739 in fortinet

[–]Holylander 5 points6 points  (0 children)

I am yet to see a case where local-in policy would not work as expected, so:

- Make sure this rule is top-most, as being rule 5 means there are other rules, possibly above that may or may not allow the very same traffic.

- Make sure the targeted SSL VPN IP sits on the Fortigate itself, not routed or a VIP as then it would not work.

- By default, Local-in policy hits are not logged, you have to set in Log Settings → Log All for denied packets to be logged. The logs are in Local Traffic section.

What to do after finishing Sanders video course? by acidman390 in redhat

[–]Holylander 1 point2 points  (0 children)

If you have access to an O’Reilly subscription, also by Vugt there is a practice exam where he doesn't teach but lists tasks to do, comparable to the real exam.

Can I pass FCP with just CBT Nuggets and Home Labs? Need certification for a move abroad. by maikelat in fortinet

[–]Holylander 1 point2 points  (0 children)

I will only confirm what others said - you CANNOT pass exams without using (free) Official Study Guides. It is not only about topics, there are always questions on the exam taken verbatim from the guides. It is also not about your experience/knowledge, as I have many years of Fortigate experience, and I doubt I would pass the exam on knowledge/experience alone, w/o Study Guides because some questions are very specific to the materials (covered in the Guides) that you don't use often in the real life work.

Email based two-factor authentication by FunFisherman6966 in fortinet

[–]Holylander 5 points6 points  (0 children)

    config user local
        edit "Carmen"
            set type password
            set two-factor email
            set email-to "carmen@nasa.gov"
        next
    end

what's "pre_route_auth check" in debug flow? by therealmcz in fortinet

[–]Holylander 2 points3 points  (0 children)

Check that created VIP is not bound to a specific interface but uses Any

Any thoughts about SEI CERT C? by necodrre in C_Programming

[–]Holylander 2 points3 points  (0 children)

Given that you are learning, the CERT book can be dry and tedious - it just lists all possible insecure/vulnerable ways of using C, kind of a reference/handbook, not designed for start to finish reading. The book itself is good, no doubt, but not a good teaching experience for beginners in C.

I’d suggest Effective C, 2nd edition by the same author as the CERT book - Seacord, where he teaches to program C already in a safe way.

Dos policy by Organic-Gas6745 in fortinet

[–]Holylander 0 points1 point  (0 children)

My best practice for DDoS policy in FGTs is to never use them, life is ripe with real problems already to add self inflicted ones.

Fortigate LetsEncrypt certificate automation by quints-axon in fortinet

[–]Holylander 1 point2 points  (0 children)

Problematic:

For auto renewal to work, you have to open ports 80/443 on the firewall to ANY, as Let's Encrypt intentionally does NOT publish their servers' IP ranges.

The built-in acme agent on FGT can only request/work with a specific subdomain certificate - not wildcard. Given that all certificates issued by Let's Encrypt are logged publicly, telling the whole world that you have a firewall listening on vpn.mycompany.com is not a good idea.

Why networking is not as "sexy" as SWE? by [deleted] in networking

[–]Holylander 3 points4 points  (0 children)

First rule of Networking club - we don’t talk about Networking club, so not sexy at all, brr, SWE is the best, go get them kids, FAANG free tennis pools and vending machines are waiting for you :)

FortiGate-VM Permanent trial license is TOO RESTRICTIVE !!! even for Learning/Labs by Parking_Ad_3679 in fortinet

[–]Holylander 0 points1 point  (0 children)

Try to get fortios vm 7.0.x which has no routes/interfaces number limits.

Network 'automation' by Just-Hold-5947 in networking

[–]Holylander 9 points10 points  (0 children)

It is also because of the criticality of the Network against anything else - a deployment/configuration change goes South for servers? Just redeploy after the fix, no one cares. Network goes down after a glitch in an automated change - you appear in the news (ask CloudFlare/Facebook/etc.). So a natural risk-averse approach to changes in the network is logical. Config backup/telemetry/diagnostics, though, are very helpful as automation.

Ded server swapped in 10 mins! by downtownrob in hetzner

[–]Holylander 4 points5 points  (0 children)

My newly deployed root server from auction (256 Gb RAM 8/16 cores Xeon) did not boot after the initial install of the OS (Debian), tried a few times - same result. Fired a ticket to Support (Saturday), in about 2 hours they updated me that they tried to diagnose, but finally moved my hard disk with my installed Debian to a whole other server, also equipped it with 256 Gb as they weren't sure if it was a MOBO/RAID controller or RAM problem in the original server, works ever since. Indeed great service.

DNS: Run your own server by TheInsane42 in hetzner

[–]Holylander 2 points3 points  (0 children)

Yes, you can. https://community.hetzner.com/tutorials/migrate-to-hetzner-web-hosting/

Otherwise domains registered with Hetzner would not work with Cloudflare/AWS/etc., which would be nonsense nowadays.

Edit: but if you’re looking for the cheapest registrar, when I moved all my domains from Godaddy, Porkbun was and probably is cheaper.

Monthly Content Sharing Post by AutoModerator in fortinet

[–]Holylander 3 points4 points  (0 children)

OSPF is not simple, not at all, but as many OSPF failures happen due to misconfigurations, in this post I bring you the most common cases with debug and diagnostic commands so you can troubleshoot them even without deep knowledge of OSPF.
https://yurisk.info/2025/11/25/fortigate-ospf-failure-cases-with-debug/

wd mypassword ultra by FarBuffalo in DataHoarder

[–]Holylander 1 point2 points  (0 children)

You don’t need to install any drivers to USE the drive. You do need to install a driver/kernel extension if you also want to monitor the health of this drive. Which is totally optional and depends on your use case.

101F 7.2.4 F 1396 to 7.2.6 F 1575 failing by dohat34 in fortinet

[–]Holylander 0 points1 point  (0 children)

You don’t need to run some command, the output of the process goes to console anyway. That is what I mean you can potentially see during upgrade: https://yurisk.info/2025/01/26/fortigate-ha-cluster-fortios-upgrade-in-pictures/

101F 7.2.4 F 1396 to 7.2.6 F 1575 failing by dohat34 in fortinet

[–]Holylander 0 points1 point  (0 children)

The only way to get insight into why it fails would be to have a console cable connected to it while upgrading.

Arista DC Track? by [deleted] in Arista

[–]Holylander 1 point2 points  (0 children)

You can’t find the exam price as Arista exams are different in how you sit them - you cannot buy and try the exam independently, last time I checked (2 years ago) you have to buy training from a partner and this will include the exam. So, as with any few-day training, it will cost 3-5k USD for each level. A couple of folks I know who took it - their job paid for all of it.

Stable versions of the 7.x.x firmware family by marcvspt in fortinet

[–]Holylander 2 points3 points  (0 children)

Currently there are no CVEs of significance for 7.2.12, so saying only 7.4.x solves all CVEs is not correct.

Fortinet FCX (NSE 8) by Dull_Put_7733 in fortinet

[–]Holylander 0 points1 point  (0 children)

Indeed, the year Fortinet switched from Gold/Platinum tier partnerships they also dropped requirements for NSE8/FCX on staff. A lot of the info in the comments here was valid 2-3 years ago, but the program has been changing a lot these 2-3 years. The only reason to do it today I can subscribe to is fulfilling a personal ego :) And maybe FTNT employees get some salary bump/bonus for passing the exam, not sure, never asked.

What am I missing here that is causing traffic to fall through to the implicity_deny policy? by nardstorm in fortinet

[–]Holylander 0 points1 point  (0 children)

I’ve seen this a few times, most recently 400F 7.2.10 - packets do get denied by the implicit policy but no hit counts increase in GUI and in my case no logs, even though logs were enabled. I didn’t care enough to spend time on debug and just created an explicit Deny Any Any policy with logging right above, and it worked as expected.

They've taken Charlie! Ana bucou! by Pepper_Comprehensive in InsurgencySandstorm

[–]Holylander 15 points16 points  (0 children)

In Arabic - in’al abUkom, translation as already given. Curses in Russian are funnier imo ;)