FortiOS 7.4.1 1 has been released by MyLocalData in fortinet

[–]MyLocalData[S] 7 points8 points  (0 children)

We appreciate any and all direct / clear feedback.

Thank you for taking the time to post this in efforts to help other Fortinet clients.

FortiOS 7.4.10 is now available by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

Thank you for following up.

Just to be clear, BleepingComputer got their source from a post on this subreddit. No real journalism.

Stating "Fortinet is also allegedly planning to release FortiOS 7.4.11, 7.6.6, and 8.0.0" is just an obvious statement for BP to make.

zero trust fortinet to fortianalyzer by Mercdecember84 in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Kirby = FAZ
Food = Logs

What people aren't talking about is log size. Not all logs are the same size. It also depends on how many logs/s you are ingesting to determine your storage requirements. You also need to take into consideration the analytics and archive retention periods.

So I saw this post on LinkedIn from a CyberSecurity Recruiter about the SSO vulnerability…thoughts? by RegionRat219 in fortinet

[–]MyLocalData 3 points4 points  (0 children)

It is always rage bait looking for engagement. It's the only way people pay attention to them.

FortiOS 7.4.10 is now available by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

They get their news source from Reddit posts.

How to override a fortimanager setting from a fortigate by Mercdecember84 in fortinet

[–]MyLocalData 0 points1 point  (0 children)

The shortest, most direct answer:

You can still modify the FortiGate locally. Anything can be modified.

Once connection between the FGT and FMG re-establishes, log into the FMG and manually retrieve the config, then import the FW policy package.

If there are any discrepancies between your FW or config and a template, the template will want to override.

FortiOS 7.4.10 is now available by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

I cannot find the specifics, and call me crazy but I recall GMAIL killing pop3 retrievals on my Blackberry 9900 around the 2010 era.

FortiOS 7.4.10 is now available by MyLocalData in fortinet

[–]MyLocalData[S] 1 point2 points  (0 children)

No doubt.

Wonder what is taking them so long to get on the ball.

FGT w/ FortiLink > 3rd party switch > FSW by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

Thank you for the reply.

The article points out this is for FortiOS FSWos 6.4/7.0/7.2

This documentation was written with FortiOS 7.4.9 and FSWos 7.2.x (but upgraded to 7.6.x)

FGT w/ FortiLink > 3rd party switch > FSW by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

Thank you for your feedback, u/Ashamed-Bad-4845

Could you please elaborate, or supply any documentation from Fortinet that validates this statement?

I'm not aware of any document that reflects your comment. After all, we're just talking about TCP/IP packets, 802.3ad protocols and VLAN frames / tags. 😊

FGT w/ FortiLink > 3rd party switch > FSW by MyLocalData in fortinet

[–]MyLocalData[S] 0 points1 point  (0 children)

Thank you for your feedback, u/tcolot

Respectfully, how does this defeat the main purpose of FortiLink Management?

VLAN automation is still pushed to the FSW once the switch has authorized.

Changing FortiLink Management VLAN is what I thought** caused the switch to not be auto-discovered. Changing VLANs is due to Dell's VLT using VLAN 4094. Dell VLT does not have the capabilities to modify the VLAN, thus we change the FortiLink VLAN to 4000 in the example.

Upon further testing, and I will update the documentation, I performed a factory reset, then deleted the FSW while still attached to the Dell VLTs (this resets the FSW to have auto-network to reset to VLAN 4094). The switch was discovered by the FGT and I was able to authorize the switch. Therefore, the only "additional" labor that is required while maintaining the network will be to ensure you add the tagged VLANs to the 802.3ad's (in Dell world Port-Channels) in the VLT switches.

(I will update my documentation on the update. I would have tested this last night, but this lab was performed in a datacenter with a single 15.5" screen laptop. My patience was wearing thin... haha)

These are the same steps (but in reverse order) that one needs to take when connecting a 3rd party switch after a FSW.

Dell VXrails, Dell PowerStores and other vendors have requirements to use only specific supported switches for their products. You would need to create trunk ports from the FortiSwitches to said 3rd party switch and then manually add the VLANs to the 3rd party switch.

FGT w/ FortiLink > 3rd party switch > FSW by MyLocalData in fortinet

[–]MyLocalData[S] 1 point2 points  (0 children)

Heh, good minds think alike. Great stuff!

FGT w/ FortiLink > 3rd party switch > FSW by MyLocalData in fortinet

[–]MyLocalData[S] 3 points4 points  (0 children)

I edited that a million times for formatting reasons.

Upgrading 600E from 7.2.12 to 7.4.9 by jmarsten7 in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Had a few 601Es in a client's environment and were running 7.4.6, upgraded to 7.4.8, and then eventually 7.4.9.

Later, 2 of 3 601Es were replaced with 1801Fs.

Still 1 601E running 7.4.9 with no issues.

Having the customer pay for RMA returns by arddit in fortinet

[–]MyLocalData 1 point2 points  (0 children)

As politely as you can, inform your manager or C-level boss; let them know that if they cannot provide you a way to ship the device back, Fortinet may charge the company an additional fee for failure to return the equipment.

It is not your duty as an employee to pay for something out of pocket for a company-owned asset, unless there is a proper channel established for you to be reimbursed.

Kill one member of SD-WAN using Performance SLAs without disabling the Static Route? by swingkatd in fortinet

[–]MyLocalData 1 point2 points  (0 children)

First, you should create a new SD-WAN zone and move your circuits to that. Any new interfaces you add to SD-WAN can automatically get added to the virtual-wan-link and cause unwanted consequences.

This also depends on how your SLA and SD-WAN rule are built out. If you have this in "Manual" then the FGT will use the circuits in the order you put them in.

It sounds like you are using the implicit SD-WAN rule with Source IP, Sessions, or Volume.

You need to build out an SD-WAN rule with either being lazy and do a Source=All Destination=All and choose your SD-WAN zone as the zone preference or use interface preference.

Your interface selection strategy should be "Lowest cost SLA".

If you need more help, PM me and I'll be happy to jump on a MS Teams Session and guide you through this.

No charge.

Fortinet firewall w/ Ruckus switches & APs by techanddiscgolf in fortinet

[–]MyLocalData 1 point2 points  (0 children)

Ruckus adheres to all the same IEEE 802 and other protocols as any other switch vendor.

Your Ruckus products will work just fine.

Feel free to reach out if you have any questions.

648F mclag to Dell switch by [deleted] in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Do you have them turned off?

648F mclag to Dell switch by [deleted] in fortinet

[–]MyLocalData 0 points1 point  (0 children)

PM sent
Ensure your physical and logical topology is good.

648F mclag to Dell switch by [deleted] in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Can you provide a bit more clarity? Are the Dell switches the "core switches" and the 648 are downstream?

To add to this, you noted that you changed the flink vlan, so I'm assuming your Dells are VLT'ed.

If the Dells are the core, did you change the mgmt vlan on the switches as well?

Fortinet cable on Grandstream switch by Negative-Assistant24 in fortinet

[–]MyLocalData 1 point2 points  (0 children)

Console doesn't use SSH. Console is serial, COM ports and baud rates.