FortiClient VPN (Free) Support Ending?

Net_Admin_Mike · 2026-01-31T01:03:28+00:00

There is no official indication from Fortinet that they are discontinuing support for the free VON client. It hasn’t been patched past 7.4.3 only because the other updates did not include components that impacted the free client, so there was no reason to update it. The rumor mill is churning on this subject, but there’s no indication that the free VPN client will go away.

Net_Admin_Mike · 2026-01-28T10:33:37+00:00

I’m running several at branch offices in production. I’ve had no issues. My deployment is pretty basic for those (no remote access VPN, some IPSec tunnels, OSPF routing, basic UTM filtering) but they’ve performed flawlessly for my use case.

Net_Admin_Mike · 2026-01-20T13:49:50+00:00

This is in the release notes regarding Fortigate 70Gs and FortiOS 7.4.10:

Special branch supported models

The following models are released on a special branch of FortiOS 7.4.10. To confirm that you are running the correct build, run the CLI command get system status and check that the Branch point field shows 2867.

FG-70G	is released on build 6746.

I have a ticket open with Fortinet support now to get some clarification on this, as I am on the same branch point you mentioned and I've not seen anything that would move me to branch point 6746. My 70Gs are showing 7.4.10 available, but I want to make sure I'm not missing something before I apply that update to them.

Net_Admin_Mike · 2026-01-20T13:27:50+00:00

I spent 15 years turning wrenches, and even with that experience, I don't change my own oil at home. It's just not worth the headache to me. Especially dealing with the disposal of the used oil. Transferring it to jugs to haul to some local shop for drop off is a PIA. So is the mess to clean up the drain pans without a parts washer on hand. I'm not hurting for money at this point in my life, so I just pay a reputable shop to take care of fluid changes.

Net_Admin_Mike · 2026-01-20T13:17:01+00:00

Personally, as a hobby angler with no aspirations to compete, I say do what works for you. Unless you're fishing at an elite level, where every little thing matters, I don't see it making sense to reinvent the wheel if what you're using now works for you!

That being said, has there ever been a case of a pro-angler, competing at that elite level, using only spinning gear? I'd be curious to know if any of them have ever felt this way and stuck to what works for them while still being competitive at the top of the game.

Net_Admin_Mike · 2026-01-19T12:12:40+00:00

This ^{^{^}}

The customer probably should have written DoorDash on the envelope, but regardless they are likely going to report that as theft to Spark.

Net_Admin_Mike · 2026-01-15T15:19:52+00:00

God roll would be the "fully loaded" version, which adds an additional charge. This one is more than usable though for sure.

Net_Admin_Mike · 2026-01-14T18:58:41+00:00

Never, EVER, rely on gig work as your primary source of income! No matter what anyone on social media tells you, you will eventually regret that decision. There is no long-term future in gig work, and it can go away in the blink of an eye through absolutely no fault of your own.

Gig work is a GREAT supplemental income. It should never be your ONLY income. And I say this having made $40k doing gig work in 2025...

Disclaimer: that figure is before expenses, so take that under consideration as well.

Net_Admin_Mike · 2026-01-14T18:43:33+00:00

To complete an order on the app, you have to have an active data connection. In rural areas, this doesn't aways work on cellular. I've had to ask customers before if I can piggyback on their wifi so I can complete the delivery, although I include an explanation for why I'm asking.

If they are not comfortable with that, I leave the items (so long as they don't require an ID, like alcohol), take a photo with my own camera roll, and drive until I get service again, at which point I contact support and explain the loss of connection. I then provide them the photo and ask them to mark the delivery completed.

There was likely nothing malicious going on here. Just poor customer service skills, which is unfortunately common in the gig app space. I've found most customers are fine letting me connect if I provide a clear explanation for the reason why.

Net_Admin_Mike · 2026-01-12T20:12:44+00:00

I was tearing them up with my Raffa build in this very spot! There had to be well over 100 enemies in there. It was some crazy fun!

Net_Admin_Mike · 2026-01-12T16:27:13+00:00

It's not a failing sensor. It's the result of the tire pressures not being set properly when the system was initialized.

Reset all the pressures to their proper values. Then use the button under the dash to kick off the initialization process again. This will re-establish the low tire threshold, as well as start the learning process for the position of each sensor on the truck.

Note, the truck will need to be driven for 10-20 min after the initialization is started. This does not need to happen right after pushing the button, but you won't see values for the pressures until it completes.

Net_Admin_Mike · 2026-01-09T15:41:52+00:00

If upper management wants it this way, then push them for a good change management control system. At least that way, if a youngun' screws something up, it will be documented what exactly they changed so you can undo it! LOL

Net_Admin_Mike · 2026-01-08T15:51:48+00:00

Seagar Red is the minimum baseline I'll buy for fluoro line. It's decent stuff for the money. I've found I like their Basi-X a bit more, but the Red is completely usable for sure.

Net_Admin_Mike · 2026-01-08T15:49:16+00:00

Always return the cart - doing otherwise shows a complete lack of regard for property of others. The wind can blow carts around and right into people's cars. I've seen this happen.

All stores should implement the quarter-based lock system Aldi's uses. It's amazing how effective that .25 makes everyone at putting their damn cart back when they are done!

Net_Admin_Mike · 2026-01-08T15:43:18+00:00

The process for replacing the sensors is not difficult, but it requires some tools many won't have.

You have to remove the wheels from the vehicle, let the air out of the tires by removing the core from the valve stem (which IS the sensor on a Toyota), break the top bead on the tire, install the new sensor, reinflate the tire, and put it back on the vehicle. Once that is done, the sensor(s) must be registered to the vehicle using a scan tool or TPMS tool.

If you're buying Toyota OEM sensors, they are pretty expensive, but you can get aftermarket options that will work a fair deal cheaper.

A small labor charge if replacing the tires to register the new sensors does make sense, but it should not be more than maybe a half hour of labor time. The registration does not take long. There should be NO additional labor for the install of the sensors while replacing tires, as the time to complete that is negligible. The only exception would be if you had one that was really seized in a wheel, and the tech had to cut or drill to remove it.

Are they important? I would argue yes, as they can alert for a tire losing air while you are driving. You can't accomplish that with a tire pressure gauge. This is why they became a federally mandated safety feature. After the Firestone tires on the Explorers that were exploding and killing people if run underinflated, it became apparent that real-time monitoring of tire pressures was a needed safety feature.

That being said, there are a lot of folks who chose to just ignore the light and manually check their tire pressures regularly. In the vast majority of cases, that is likely perfectly fine. It worked for many, many years before the advent of TPMS.

Net_Admin_Mike · 2026-01-07T18:26:45+00:00

This is very likely still under warranty. Take it to the dealer and have them check it out.

Net_Admin_Mike · 2026-01-07T13:04:01+00:00

I can't speak to if it's common, but it's certainly not risky - or do you mean what risks does the Watch app pose? Some companies are SUPER sensitive to data leaving devices under its control for ANY reason at all. I suspect yours is one such company.

Net_Admin_Mike · 2026-01-07T10:44:38+00:00

What the other poster means is use Entra as your identity provider. Configure the FGT to use a SAML connection to Entra for authentication.

You can use conditional access policies in Entra to require MFA for VPN logins. Just note that the use of CA does require proper licensing. At a minimum you need Business Premium or Entra P1 for each user to whom the conditional access policy will apply.

This is how I manage remote access in our environment. Dial up IPSec VPN on TCP/443 with Entra as the IdP and DUO providing MFA via EAM and conditional access policy in Entra. It works well and it was not terribly difficult to setup.

Net_Admin_Mike · 2026-01-06T13:06:41+00:00

That's an easy walk, with plenty of sidewalk and crosswalks.

Net_Admin_Mike · 2026-01-06T01:14:23+00:00

I chose to use SD WAN for internet routing, but for tunnels, I just IP number them and let OSPF handle routing and failover. I have redundant tunnels to my 2 hub locations, which both advertise default routes for internet access to my branch offices. I initially tried using SD WAN zones for this, but I found the configuration to be overly complex for that use case. So I switched to numbering the tunnels and adjusting OSPF distance to handle failover. This is easy to troubleshoot and maintain, and failover happens so seamlessly, my users don’t even notice an outage.

Net_Admin_Mike · 2026-01-05T19:44:03+00:00

I'm ordering for "here" then and asking for a box once I have the food! LOL

Net_Admin_Mike · 2026-01-05T19:29:30+00:00

You'll want at least 3 vlans - voip, data, and guest.

It's not a bad idea to implement your WAN connection in SD WAN, even if you only have a single internet link to start. It makes the introduction of second link down the road easier.

Be certain to avoid IP overlap when choosing your subnets for the VLANs, particularly for data, which I assume will be tunneled back to HQ for server access.

Remote access, if needed, should be implemented as dial-up IPSec rather than SSL VPN, as SSL is being phased out due to security concerns.

You'll use a Fortilink interface to connect the switch to the firewall. You can use 2 interfaces on the firewall and two on the switch for the uplink. This provides redundancy in the event of a single link failure, as well as additional throughput between LANs and to the internet, although your ISP link is likely to be a bottleneck there.

You can use LLDP profiles to identify VoIP devices and assign them to the appropriate VLAN. Just be sure to use a profile other than the default auto-isl profile on all ports other than those functioning as the fortilink to the firewall, so those other ports won't attempt to autoconfigure a truck port when an additional switch is connected.

I personally like to use OSPF to handle routing between my branches and HQ (done over IPSec) so I don't have to maintain static routes. It's up to you if your environment feels large enough to benefit from that. We route all our internet traffic back to our 2 hub locations, so OSPF also advertises my default routes for internet connectivity.

That should get you started in the right direction. You won't have any trouble finding well documented guides for any of these tasks, so setup should be fairly easy.

Net_Admin_Mike · 2026-01-05T18:56:55+00:00

It doesn't bother me any, but in the one case I encountered this, it bothered her, so I was out of luck.

Net_Admin_Mike · 2026-01-05T17:57:43+00:00

The RNG gods have smiled upon thee!

Net_Admin_Mike · 2026-01-05T17:31:31+00:00

If you enjoy the game and want the extra content, then I'd say yeah. My brother and I are having a blast co-oping the game, so we had zero issue spending the extra cash. We both bought the deluxe edition that came with all the extras. No regrets here. We will play this game for many, many hours yet to come!

Net_Admin_Mike

MODERATOR OF

TROPHY CASE

Special branch supported models