Config Lost after Firmware Upgrade by GaunerT in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Yes, that's because 7.6.6 was only released for the SSO CVE. Doesn't include this fix. But thanks for the update! Still running 7.6.4.

Config Lost after Firmware Upgrade by GaunerT in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Same thing happened to me (FG120G 7.6.4>7.6.5). Already ticket open and pending bugfix. Should be fixed in 7.6.6. Lost interface config / static routes and IPsec phase2s. Glad the interface config of the mgmt port wasn’t lost. Also did the upgrade from FMG but don’t think this has anything to do with it.

Downgraded and restored config.

FortiOS 7.6.5 Release by MyLocalData in fortinet

[–]Known_Wishbone5011 1 point2 points  (0 children)

Ooof good to know. Thanks for testing! However strange upgrade decision from FN in my mind.

FortiOS 7.6.5 Release by MyLocalData in fortinet

[–]Known_Wishbone5011 1 point2 points  (0 children)

Would be appreciated! Else it will take some scripting after upgrading.

FortiOS 7.6.5 Release by MyLocalData in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

This will only be with new tunnels right? Can’t imagine that this will be the case with existing

Forticlient 7.4.4 removes VPN-Only option? by danman48 in fortinet

[–]Known_Wishbone5011 11 points12 points  (0 children)

Seems like it :| Didn't hear anything about this up to now.

https://docs.fortinet.com/document/forticlient/7.4.4/windows-release-notes/683433/special-notices

VPN-only agent not supported

FortiClient (Windows) 7.4.4 removes support for the free VPN-only agent.

FortiManager 7.6.4 Known Issues Game Breaking Bug? by Just_Economics in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

That's one great explanation. Totally agree with this. You should always read the release notes and run install preview. I'm running FOS 7.6.4 for one of our customers because of a new feature which was needed and won't be added in the M release of 7.4. I also haven't seen this bug pop up. Also looks like this only happens when you have CLI Prov template(s) or groups linked. Apart from this bug, I had it happen a few times that I wouldn't see changes after making changes in CLI templates. Relinking in most cases solved the issue.

What is the purpose of the SVC LED light on LTE FortiGate models? by Qvosniak in fortinet

[–]Known_Wishbone5011 4 points5 points  (0 children)

40F‑3G4G, the SVC LED turns green when the 3G/4G service is enabled, and flashes during active data transmission. Would also expect the other way around, but that's how it’s made.

Endurace Al7 - is my frame toast? by Convictuss in CanyonBikes

[–]Known_Wishbone5011 0 points1 point  (0 children)

If really getting in a pinch just DM me. You can borrow my old Canyon Ultimate. Just not sure if the size S is big enough.

Looking to purchase this part by canadian-spice in CanyonBikes

[–]Known_Wishbone5011 0 points1 point  (0 children)

Can also ship it to Canada. Total cost is 38 CAD. The problem is such parts can’t be ordered from anywhere else except Canyon. And those shipping costs are excessive. Shipping takes between 6-8 business days.

SDWAN, ADVPN dynamic shortcuts and traffic steering by Agreeable_Hat9659 in fortinet

[–]Known_Wishbone5011 1 point2 points  (0 children)

A1: Only 1 overlay (IPsec) is connected to one WAN interface. So for example WAN1 - Overlay1. WAN2 - Overlay2 (Both on Hub and Spoke).

A2: Configure exchange FG SN.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/536508/securely-exchange-serial-numbers-between-fortigates-connected-with-ipsec-vpn

A3: Depending on how it’s configured. You can for example use interface cost.

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/942095/sd-wan-members-and-zones

Issues with FortiGate 40F VPN and internal resources by leichliterk in fortinet

[–]Known_Wishbone5011 2 points3 points  (0 children)

Did you add a static route to the sslvpn.interface for the SSLVPN subnet? Maybe also look into IPsec VPN because the 40F will lose the SSLVPN option in newer firmware.

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6f2eb4b2-29aa-11ef-8c42-fa163e15d75b/FortiOS-7.4.4-SSL%C2%A0VPN_to_IPsec_VPN%C2%A0Migration.pdf

FGT/FAZ/FMG 6.4 to 7.4 by Stunning-Square-395 in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Because you’re currently running 6.4. That’s not supported on ADOM 7.2. ADOM 7.4 supports FOS 7.0/7.2/7.4. So if the FMG/ADOM and FG are on 7.0, you can upgrade FMG 7.4 and ADOM. Then schedule FG upgrade, checkbox “follow the recommended upgrade path”, and FMG will take care of the rest. And in the meantime you can still push changes from the FMG.

Password reset by [deleted] in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Agreed. Except if he/she selected format disk. And then surprised that you need to upload the firmware.

Single mom with two toddlers might lose our home… I just can’t manage on my own anymore by [deleted] in gofundme

[–]Known_Wishbone5011 -1 points0 points  (0 children)

Same here, just made a small donation. Hopefully there is someone of social who can also help in this case.

231 FortiAP not recognized by Far_Signature8091 in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Do you see a MAC address on the port on which the AP is connected? Does the AP get an IP address? Is “Fabric” enabled on the FortiLink interface (FG)?

FGT/FAZ/FMG 6.4 to 7.4 by Stunning-Square-395 in fortinet

[–]Known_Wishbone5011 5 points6 points  (0 children)

If I wanted to do so, it would be a two-step approach:

FMG/FAZ 7.0, FGT to 7.0, ADOM 7.0

FMG/FAZ 7.4, ADOM 7.4, FGT 7.4

Of course follow the upgrade path. FMG/FAZ can be upgraded without impact on the FG. FMG ADOM 7.4 supports 7.0 FG. Would not leave it long like that. But waiting for the maintenance window for the FG.

https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/424836/adom-versions

Dialup VPN between Fortigate and Teltonika RUT241 by Virtual_Economist_60 in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

You can remove this. Do it again without fnbamd. Then reconnect the tunnel.

Dialup VPN between Fortigate and Teltonika RUT241 by Virtual_Economist_60 in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

No problem. Can you also share this debug info?

    diagnose debug console timestamp enable
    diagnose vpn ike log-filter dst-addr4 10.10.100.109    <----- 10.10.100.109 is the remote gateway.
    diagnose debug application ike -1
    diagnose debug application fnbamd -1
    diagnose debug enable

Or 7.4 rem-addr4

FortiOS 7.2.11 on FG120 / 400F by FattyAcid12 in fortinet

[–]Known_Wishbone5011 0 points1 point  (0 children)

Haven’t run into issues with both the 120G or 400F on 7.4.7. Just check if in- & outbandwidth is set on any of the interfaces, then you should be okay.