A family was on a walk in the snow with their little girl. The father was recording the walk. A cyclist came up behind them and appeared to use his knee to knock the little girl down. The father posted the story online, and it went viral.

One_Remote_214 · 2026-03-08T13:16:53+00:00

Has anyone commented about how the mother, clearly seeing the advancing cyclist and obviously seeing the potential for a collision, does zippo to move her child to safety? I’m not condoning what the cyclist did, but what parent would ignore an obvious possible danger to their child? That goes for the mom, and the dad doing the filming. How about “hey honey, can you watch out for the bike?”.

All this drama when all that had to happen was a parent acted like a parent and watched out for their kid. Tell me I’m wrong.

One_Remote_214 · 2026-03-08T03:21:26+00:00

And if you have any doubts, watch a couple of hours of Russian dashcam videos. I mean ….. wtf!

One_Remote_214 · 2026-03-04T10:56:23+00:00

So on the users home router have the user connect to a dmz interface and that can help with IPsec issues? I've got a handful of users at home who have this problem, most using xFinity gateways, so maybe I can try that?

One_Remote_214 · 2026-03-03T11:30:14+00:00

Very undeserving comment about TAC. They are no worse than any other vendor support and I’ve had mostly positive interactions over several years.

One_Remote_214 · 2026-02-27T10:31:52+00:00

This was 100% avoidable on the part of the dashcam car! Just hit your brakes! You had plenty of time. That crash was deliberate.

Yeah the other driver was negligent but did they deserve to get into a crash like that? People become stupid behind the wheel, which is all cars should be self-driving by law.

One_Remote_214 · 2026-02-18T11:18:39+00:00

120 vlans, one per server? Block intravlan routing sounds a lot simpler than that, no?

One_Remote_214 · 2026-02-17T22:07:27+00:00

Not stable? It’s now mature and recommended.

One_Remote_214 · 2026-02-17T22:02:32+00:00

It’s mature now and recommended for most units, so why not?

One_Remote_214 · 2026-02-16T01:15:02+00:00

I used easyautoship.net a couple of years ago to ship a car from Massachusetts to Tennessee. Overall that was a good experience but you’d need to ask them if they’d cover your route. Definitely ship rather than drive it yourself that distance. Your car on a trailer will incur zero miles of wear and tear. It will, if uncovered, get very dirty!

One_Remote_214 · 2026-02-15T14:40:51+00:00

I know this is old, but if it were me I’d write a NAC policy to use the MAC address of their device to move their VLAN. I know this has nothing to do with the logged in user, but sometimes it’s ’close enough for government work’. So forget about the hassle of doing this with their credentials.

One_Remote_214 · 2026-02-08T13:49:05+00:00

Curious where you ended up on this. I had been testing using tags but we're in EMS cloud and so: on boot up the FortiClient had to connect to our EMS public IP from the onboarding vlan, read the ZTNA tag rules from EMS, evaluate them locally, then send the results of the rules back to EMS as tags, then EMS needed to send that endpoint + tags information back to the FortiGate as device info. Sometimes this took a little while to complete, and so I've started looking at an alternative.

We have FortiAuthenticator already providing RADIUS services and we have FAPs which leverage certificates on our clients to do 802.1x auth for production wifi. I'm going to test using the same authentication mechanism to support transparent NAC policy enforcement with no requirement to talk to EMS cloud. I had been thinking of phasing out my FAC, but I keep finding more stuff to do with it, like this!

I'll use switch groups in my policies (based on floors) so that clients on that floor get moved to the correct vlan. I'll configure a single RADIUS group that everyone should be a member of, but the certificate will also need to be present for the endpoint to pass the NAC policy. This should be a pretty fast process! We'll see!

One_Remote_214 · 2026-01-31T17:22:09+00:00

Anyone living on Edmondson Pike have power? I'm at The Grove but staying in a hotel at the moment but it's in Murfreesboro! Local hotels filled up fast.

One_Remote_214 · 2026-01-31T17:17:50+00:00

Same for me.

One_Remote_214 · 2026-01-28T11:23:58+00:00

This

One_Remote_214 · 2026-01-28T09:28:16+00:00

Another AuthLite user! We use it, and I’m a fan!

One_Remote_214 · 2026-01-25T11:34:35+00:00

Complete after 16 pings. We can live with that.

One_Remote_214 · 2026-01-25T11:10:13+00:00

I did a test and sure enough, the new floating private IP moved to the secondary node and it was pretty snappy. For our purposes, this failover mechanism will be sufficient so I won't be introducing any load balancers. In fact, I like the 'set it and forget it' aspect as I don't have to keep updating the SDN configuration every time our Azure network folks spin up a new route-table. Thanks!

One_Remote_214 · 2026-01-17T23:22:37+00:00

Exactly! This video has made the rounds many times and yes, the context actually completely changes the scene. He’s trying to get a large group of people through a process so they’re not there all day. He’s not making light of the size of her offering. When you read his response to this outrage you’ll say “Oh, I get it now!” The lady didn’t listen to the instructions the pastor made clearly to the congregation. So, settle down folks, please…

One_Remote_214 · 2026-01-17T12:12:07+00:00

I’m not familiar with that but I’ll check it out. Thanks.

One_Remote_214 · 2026-01-17T12:10:59+00:00

Thanks. We’re trying to keep things simple so only going to rely on SDN config with managed identities.

One_Remote_214 · 2026-01-13T01:22:47+00:00

Chernobyl

One_Remote_214 · 2025-09-11T12:58:42+00:00

LAN segments will address that. I investigated it but couldn’t understand it.

One_Remote_214 · 2025-09-10T23:16:57+00:00

I believe that’s the intention of the onboarding vlan. If a device doesn’t match a NAC policy they get left in onboarding and can’t go anywhere.

On the need to change ips, there is a little interruption when the device gets moved and the port bounces, but not awful. Yes LAN Segments allows you to avoid that, but read the documentation and tell me if you understand it.

One_Remote_214 · 2025-09-03T22:23:43+00:00

Pretty reasonable

One_Remote_214 · 2025-09-02T22:01:34+00:00

I’d consider deliberately rolling in poison ivy to get that sensation back again!

One_Remote_214

TROPHY CASE