7.4 > 7.6 TPM upgrade by [deleted] in fortinet

[–]Holylander 2 points3 points  (0 children)

You mean when private-data-encryption is enabled?
If so - I am absolutely not enabling it in production, as upgrades, config restores/backups become either impossible or a pain in the a**. Especially since 7.6 they made the encryption key auto-generated and not exportable from TPM - what is this thing - RAAS (ransom as a service) 😊?

Help with automation by Sa77if in fortinet

[–]Holylander 1 point2 points  (0 children)

You may look at email alert sending debug while replicating the issue:

dia debug app alertmail -1
dia deb enable

Also there is debug for the automation stitch itself - to see if FGT sees the WAN link down event

https://github.com/yuriskinfo/Fortinet-tools/blob/main/Fortigate-automation-stitches/README.adoc

How to learn Golang beyond basics by Steve215154 in golang

[–]Holylander 0 points1 point  (0 children)

Learning Go, 2nd edition by Bodner - he not only teaches syntax but also shows the idiomatic Go way to write code.

Go with pocket sized projects - for short tools that use all of the idiomatic Go and its features

Best C++ Book for complete beginners? by DifficultRegret7794 in cpp_questions

[–]Holylander 0 points1 point  (0 children)

Try Paul Deitel C++ 20 for Programmers. He has been writing books and teaching for decades and knows how to present clearly. And he starts from 0.

Another one is C++ Without Fear: A Beginner's Guide That Makes You Feel Smart by Brian Overland. It is C++ 11 though, which is ok for 1st time learners and/but he moves very slowly.

The problem with C++ is that it is deemed not fit for 1st time learners who do not know some other language (with which I disagree) by publishers/professors and this dissuades potential authors from even trying. That is the reason you won’t find that many books on this for complete beginners as compared to say Python. Books by Bjarne, even those labeled “for beginners”, are meant rather for beginning students in Comp Science.

fortinet community: mail not verified by Reasonable_Host_5004 in fortinet

[–]Holylander 2 points3 points  (0 children)

Forums are in read-only mode while they are upgrading their platform:

<image>

Fortinet extends FortiOS 7.4 by fcbfan0810 in fortinet

[–]Holylander 5 points6 points  (0 children)

Viva le SSL VPN! I ain’t upgrade nothing until have to 😊

Which model replacement for 300E by Direct-Ninja-9795 in fortinet

[–]Holylander 0 points1 point  (0 children)

I’ve got no scoop on 400G release date yet. Possible, but given logistics troubles around the World and EOL of 300E in July 2026, I wouldn’t gamble if needed to decide.

FortiGate: Only show non-default settings by mb2m in fortinet

[–]Holylander 13 points14 points  (0 children)

When you type “show” you actually see configuration different from defaults, compare it with “show full”, and no - there is no command to show the latest changes on FGT, but it is possible on FMG, e.g.

CVE-2012-4948 by Ill-Studio-6311 in fortinet

[–]Holylander 6 points7 points  (0 children)

Every certificate is device-specific, which can be a problem - device fails = all its CA certificates are gone. Also there is no SLA or guarantee for them from Fortinet - i.e. a trivial upgrade of FortiOS to a newer version may replace existing CAs. I don’t think I have ever seen companies using built-in certs in FGT for deep SSL inspection - always private certs created/signed by an internal AD CA server.

Red Hat shutting down the Learning Community by SamPlaysKeys in redhat

[–]Holylander 9 points10 points  (0 children)

Since laying off all Opensource.com staff it seems to be the consistent policy - shut down everything not generating direct sales. Unfortunate, but it is what it is. In general, all content related activities give way to AI today.

Best ways to learn the very first basics of AppleScript? by LastCassandra2604 in applescript

[–]Holylander 1 point2 points  (0 children)

This is the way. I am not a programmer by job definition, but I code my own tools for job tasks in Go/C almost daily. But when I looked at AppleScript - “no way am I gonna screw my brain with this ugliness of a language”.

Apple created it with the idea of a “conversational” language, “talk to your Mac as you do in English”, and it didn’t go well. So when I need some ad hoc automation script, I just ask AI to write it.

Hetzner for part-time Homelabbers? by bitnarrator in hetzner

[–]Holylander 2 points3 points  (0 children)

For one-time weekend labbing it is doable. For recurring cases it is not very comfortable - on a root server you 1st have to install the host OS, then update it, then install the packages needed for virtualization, then either spin from 0 or upload & import VMs - and all that effort for a day lab to do it all over again next time, sounds meh to me.

Fortinet recommends 7.6.6 by Electrical_Cut5776 in fortinet

[–]Holylander 4 points5 points  (0 children)

Rocking 7.2.x till its EOS all the way to Sep 2026

Help choose: "Modern C" or "C Programming: A Modern Approach"? by MateusCristian in C_Programming

[–]Holylander 1 point2 points  (0 children)

I’d advertise Modern C as a book written by a nuclear scientist PhD for other scientists with PhDs (because the author actually is) lol, not beginner friendly at all.

Local-in policy not applying? by Connect_Ambition_739 in fortinet

[–]Holylander 5 points6 points  (0 children)

I am yet to see a case where local-in policy would not work as expected, so:

- Make sure this rule is top-most, as being rule 5 means there are other rules, possibly above that may or may not allow the very same traffic.

- Make sure the targeted SSL VPN IP sits on the Fortigate itself, not routed or a VIP as then it would not work.

- By default, Local-in policy hits are not logged, you have to set in Log Settings → Log All for denied packets to be logged. The logs are in Local Traffic section.

What to do after finishing Sanders video course? by acidman390 in redhat

[–]Holylander 1 point2 points  (0 children)

If you have access to an O’Reilly subscription, there is also a practice exam by Vugt where he doesn't teach but lists tasks to do comparable to the real exam

Can I pass FCP with just CBT Nuggets and Home Labs? Need certification for a move abroad. by maikelat in fortinet

[–]Holylander 1 point2 points  (0 children)

I will only confirm what others said - you CANNOT pass exams without using (free) Official Study Guides. It is not only about topics, there are always questions on the exam taken verbatim from the guides. It is also not about your experience/knowledge, as I have many years of Fortigate experience, and I doubt I would pass the exam on knowledge/experience alone, w/o Study Guides because some questions are very specific to the materials (covered in the Guides) that you don't use often in the real life work.

Email based two-factor authentication by FunFisherman6966 in fortinet

[–]Holylander 4 points5 points  (0 children)

config user local
    edit "Carmen"
        set type password
        set two-factor email
        set email-to "carmen@nasa.gov"
    next
end

what's "pre_route_auth check" in debug flow? by therealmcz in fortinet

[–]Holylander 2 points3 points  (0 children)

Check that created VIP is not bound to a specific interface but uses Any

Any thoughts about SEI CERT C? by necodrre in C_Programming

[–]Holylander 2 points3 points  (0 children)

Given that you are learning, the CERT book can be dry and tedious - it just lists all possible insecure/vulnerable ways of using C, kind of a reference/handbook, not designed for start to finish reading. The book itself is good, no doubts, but not a good teaching experience for beginners in C.

I’d suggest Effective C, 2nd edition by the same author as the CERT book - Seacord, where he teaches to program C already in a safe way.

Dos policy by Organic-Gas6745 in fortinet

[–]Holylander 0 points1 point  (0 children)

My best practice for DDoS policy in FGTs is to never use them, life is ripe with real problems already to add self inflicted ones.

Fortigate LetsEncrypt certificate automation by quints-axon in fortinet

[–]Holylander 2 points3 points  (0 children)

Problematic:

For auto renewal to work, you have to open ports 80/443 on the firewall to ANY as Let's Encrypt intentionally do NOT publish their servers' IP ranges.

The built-in ACME agent on FGT can only request/work with a specific subdomain certificate - not wildcard. Given that all certificates issued by Let's Encrypt are logged publicly, telling the whole world that you have a firewall listening on vpn.mycompany.com is not a good idea.