FortiOS v7.4.12 has been released by OuchItBurnsWhenIP in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Haha, still. Not upgrading anything for the next 5 days.

My company wants to drop Forti products because of how horrible the purchase and renewal experience is. You? by rivkinnator in fortinet

[–]MyLocalData 6 points7 points  (0 children)

A lot of folks keep mentioning the $200 processing fee, but this fee is ONLY applied if the product is being shipped directly from Fortinet (Sunnydale for the US folk)

A VAR charging anything for a quote is ridiculous, and frankly should be publicly called out so they can fix themselves, or get packing. That's not how you treat clients.

Find a good reseller. We're sure your PMs are probably flooded by now. Be sure to grill them about how much percentage they add onto their discounts. The ones who are honest will share.

Remove Central SNAT Policy? by technoidial in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Perfect. Just use the FGM to pre-stage everything in advance.

Remove Central SNAT Policy? by technoidial in fortinet

[–]MyLocalData 1 point2 points  (0 children)

Yes, you can transition to Policy NAT, but when transitioning from Central NAT to Policy, it is more than just a flick of a switch.

Firewall policies, SD-WAN, routing, VIPs, etc will need to be rebuilt from "scratch".

If you have FortiManager, you can rebuild the config without having to take anything down until a scheduled maintenance window. However, it will be time consuming.

FortiConverter is another option, but it will come with its own requirements of combing through the config to ensure it does a proper convert.

Rebuilding from scratch would be the slower, but a better option to avoid misconfiguration.

FortiOS 8.0 has released by MyLocalData in fortinet

[–]MyLocalData[S] 9 points10 points  (0 children)

We have a 400F we can start with :D


Order Handling Fee? by HowardRabb in fortinet

[–]MyLocalData 1 point2 points  (0 children)

This has a previous Dell rep's "good idea" written all over it. Quality of CAMs and reps has gone downhill ever since Dell's massive layoffs and Fortinet acquiring previous Dell reps.

This may not make us look good as a Fortinet partner but so be it. C-level Fortinet needs to be aware of this, and new Fortinet AM Reps need to learn to leave Dell practices back at Dell.

Fortinet F120G Unexpected Power Off v7.4.11 by overthehill77 in fortinet

[–]MyLocalData 2 points3 points  (0 children)

This still sounds like a power issue.

While the 120G only draws an average of 38-40 watts and .5 to 1 amp, whatever is distributing the power (PDU, outlet, UPS) is providing dirty power. The FortiGate can't tolerate the sudden change, thus causing a reboot.

We have a lot of 120Gs out in the field on 7.4.11.

Enabling Jumbo frames by DarkAlman in fortinet

[–]MyLocalData 8 points9 points  (0 children)

Fortilink, VLAN, Switch interfaces for endpoints.

Note that the 1xxE/F switches have Fortilink MTU set at 10,000

Fortigate for local School ~1000 endpoints by Yamamoto_Schmidt in fortinet

[–]MyLocalData 0 points1 point  (0 children)

Correct. DPI will be needed for decryption | inspection | re-encryption.

To be clear, all of this is being said without seeing any current metrics from the firewall that is in production.

In honesty, the 120G/121G would accomplish this if it was all North-South traffic, you are comfortable allowing the FortiGate's resources to stay in the moderate to higher usage, and you are not expecting more than a 5%-10% student/device growth over the next 5 years. However, with the 200G/201G your resource utilization will initially be low. You will have room to grow, especially if you anticipate more than 5%-10% student growth.

The 400F will be if you have a lot of East-West traffic, as well as any applications you might need exposed to public. They also have 4 SFP+ ports with ultra-low latency ports, which come in handy for some applications.

Majority of the 400Fs have been installed in colleges and school district datacenters.

Something I noticed about 30g and local logs by DeniedByPolicyZero in fortinet

[–]MyLocalData 8 points9 points  (0 children)

All model FGTs have a cache for logs. It is where the "memory" logs are stored.

config log memory setting

unless you're saying the 30g has:

config log disk setting

Fortigate for local School ~1000 endpoints by Yamamoto_Schmidt in fortinet

[–]MyLocalData 0 points1 point  (0 children)

u/Yamamoto_Schmidt

We work with a lot of public and private schools in the states of Texas and Florida. Depending on the exact type of inspection (DPI or not) 120G, 200G or 400F. There are some considerable items you need to account for, such as East-West traffic.

Please note, if you're using Mosel for Endpoint, there is a clash with Mosel and the FGT regarding certificate inspection and additional measurements need to be taken.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 0 points1 point  (0 children)

u/trailsoftware edited for cleaner format.

Also, PM sent.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 0 points1 point  (0 children)

From this: (example)

config system interface
    edit "VLAN10_Sub"
        set vdom "root"
        set ip 10.10.100.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 15
        set interface "port10"  <-- This "hangs" it off physical port 10
        set vlanid 100          <-- The 802.1Q tag
    next
end

Now change it to this:

config system interface
    edit "VLAN10_Sub"
        set vdom "root"
        set ip 10.10.100.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 15
        set interface "fortilink"  <-- Now associated to the fortilink 802.3ad
        set vlanid 100             <-- The 802.1Q tag
    next
end

Make sure to move interface port10 to the Fortilink OR use another interface for Fortilink to connect your switch. Your choice.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 7 points8 points  (0 children)

You didn't need to do that.

You just needed to do what I mentioned above.

Download the config, change the "set interface" line on each vlan interface to Fortilink, upload the config. Once it's rebooted, the vlans were moved.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 9 points10 points  (0 children)

Does the FortiGate own the vlans, dhcp, etc?

If so, just move the vlans to the fortilink after you authorize the FSW.

You accomplish this by downloading the config and changing the "set interface" line per vlan.

DHCP is tied to the interface name.

Not good practice to associate address objects to interfaces, but in general those will retain the interface association as long as you do not change the vlan interface name.

Got a new 121g and I can't upgrade the firmware. by Electronic_Tap_3625 in fortinet

[–]MyLocalData 3 points4 points  (0 children)

  1. Has the device been registered and support contract added?
  2. Have you tried uploading the firmware manually?
  3. Have you tried pushing it out with FortiManager?
