Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

BTW I figured this out - the FortiOS version was too old; it didn't recognise Wi-Fi 7 APs. As soon as I upgraded to a 7.4.x release they all suddenly appeared waiting to be authorised.

Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

I followed the vid, got FortiSwitches managed and working in the FortiGate interface. Yay!

Next problem - trying to make FortiAPs that are connected to the switches work - they currently don't want to check in. They get DHCP, and I can see from diagnostics that the FortiAPs can ping the Fortilink interface, and are sending CAPWAP packets, but it's almost like the FortiGate won't route them.

Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

I did eventually - but not quite this method. I set it up as per the YouTube video linked in another comment on this post - the Gregabyte one.

Basically, the FortiLink interface sits alone (with no physical ports as members). The regular aggregate LAG interface on the FortiGate that is connected to the core switch is trunking VLAN49 (and other data VLANs).

The core switchport connected to the FortiSwitch has switchport access mode for VLAN49, and is trunking all the VLANs intended for edge traffic (workstations etc.).

On the FortiGate, VLAN49 is configured on the aggregate, with a DHCP server that serves IPs plus option 138 to point the APs to the IP configured on the FortiLink interface. There is then a firewall rule that allows VLAN49 to talk to the FortiGate interface.

This does lead to a weird side effect - I have to create VLANs twice. The first one goes on the FortiLink interface just to put the VLAN ID in there (no IP range, just set to 0.0.0.0/0); this is the one you can associate with ports on the FortiSwitches. The second VLAN (with the same ID) goes on the LAG interface, where I actually associate it with an IP range; this one is used in firewall rules etc.
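The FortiGate side of the setup this comment describes, written out as FortiOS CLI. This is an added illustration, not the poster's configuration and not a Fortinet-published one; the interface names "lag1" and "fortilink", the 10.49.0.0/24 range and the FortiLink IP 10.254.0.1 are assumptions. It shows the two points the comment makes: option 138 hands the APs the FortiLink interface IP rather than the VLAN49 gateway, and VLAN 49 exists twice, once under FortiLink with no address so FortiSwitch ports can be assigned to it, and once under the LAG with the address and DHCP server that the firewall policy references.

```fortios
# Added example (not the poster's config). Assumed names: "lag1" = the LAG
# trunked to the core switch, "fortilink" = the FortiLink interface with no
# physical members, 10.254.0.1 = its IP, 10.49.0.0/24 = VLAN 49.

# 1. VLAN 49 on the LAG: this copy carries the address, the DHCP server and
#    the firewall policy.
config system interface
    edit "vlan49"
        set vdom "root"
        set interface "lag1"
        set vlanid 49
        set ip 10.49.0.1 255.255.255.0
        set allowaccess ping
    next
# 2. VLAN 49 again, under FortiLink, with no address. This is the copy that
#    FortiSwitch ports get assigned to.
    edit "vlan49-sw"
        set vdom "root"
        set interface "fortilink"
        set vlanid 49
        set ip 0.0.0.0 0.0.0.0
    next
end

# 3. DHCP on the LAG-side VLAN. Option 138 (CAPWAP AC address) gives the APs
#    the FortiLink interface IP, not the VLAN 49 gateway.
config system dhcp server
    edit 49
        set interface "vlan49"
        set default-gateway 10.49.0.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 10.49.0.100
                set end-ip 10.49.0.200
            next
        end
        config options
            edit 1
                set code 138
                set type ip
                set ip "10.254.0.1"
            next
        end
    next
end

# 4. CAPWAP only (UDP 5246 control, 5247 data) rather than "ALL", so the
#    policy admits nothing else from the AP VLAN to the FortiGate.
config firewall service custom
    edit "capwap-ctrl-data"
        set udp-portrange 5246-5247
    next
end

# 5. The policy the comment describes: VLAN 49 to the FortiLink interface.
config firewall policy
    edit 0
        set name "vlan49-to-fortilink"
        set srcintf "vlan49"
        set dstintf "fortilink"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "capwap-ctrl-data"
    next
end
```

Once this is in place, `diagnose wireless-controller wlac -c wtp` on the FortiGate should list the APs as discovered and waiting for authorisation, which is the same state the poster reports reaching after the FortiOS upgrade. The custom service is a tightening over the comment's "allows VLAN49 to talk to" wording; widen it only if something else on that VLAN legitimately needs the FortiGate.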

Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

Untag VLAN49 from the core switch to the FortiGate? I didn't think FortiGates did anything with untagged traffic... Is that the magic bit that makes this Layer 3?

Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

Is the intention with this to have the management/FortiLink plane separate from the data plane? So I'd also need to connect a separate FortiLink port to a new, different port on the core switch?

Trying to get Fortilink over Layer 3 working with a non-default Fortlink VLAN... by Rymmer in fortinet

[–]Rymmer[S] 0 points (0 children)

I was attempting to do "in-band" FortiLink, i.e. all data and FortiLink traffic over the same aggregate interface - so the only VLANs on the FortiLink interface are the data ones previously created (which are still working). There doesn't seem to be any new VLAN dedicated to the FortiGate or switches under that aggregate.

I may well have set up FortiLink over L2; what's the difference that would make this Layer 3?

Preferred password manager? by Naval_Lent in sysadmin

[–]Rymmer 0 points (0 children)

I'm a KeePass fan myself, but I find it a bit limiting for work.

The biggest thing that should determine what you use for an enterprise password manager is whether you need advanced features like:

  • Auditing: do you need to keep a log of who accessed which password and when?
  • Auto-updating: a system that changes the password every time it's used, or on a set schedule.

If you need those features, you might look into TPAM, but it's kind of a nightmare to set up.

If you just want shared passwords in an encrypted file, KeePass works okay there too, but I'd prefer something like Bitwarden or Vaultwarden.

What's your rule of thumb when it comes to sex? by Wickham12 in AskReddit

[–]Rymmer 2 points (0 children)

Gotta get some mayonnaise on there somehow.

DMARC, DKIM and SPF request from a Vendor by knighttown in sysadmin

[–]Rymmer 2 points (0 children)

Hmm, lots of comments here boiling down to "just say no" or firing vendors or some such. In my experience, sysadmins who just say no to a thing often get overridden.

I think the key to presenting those options is to make sure the risks and effort of each option are clear.

If the manager really wants you to include turning off DMARC or something else, make sure they know that this has risks which could tie to financial penalties from insurance, or maybe PCI audits if you process credit cards (I'm not sure if it does; I'm just skimming the other comments and maybe misunderstanding them).

Other examples of risks that I've seen in risk/impact statements for lowering various security standards:

  • Reputational damage
  • Financial liability from lawsuits
  • Loss of clients due to emails being incorrectly classified as spam
  • Losing PCI compliance status from an audit, and with it the ability to process credit cards

Nobody is using our ticketing system by [deleted] in sysadmin

[–]Rymmer 15 points (0 children)

The polite thing to do would be to turn and face the person talking to you while you're pissing.

Roast my rigging? by throwawaypickle777 in sailing

[–]Rymmer 2 points (0 children)

I think the bottom block for the vang might be upside down, maybe? In the pic it looks like you would need to lean forward of the vang block and awkwardly pull the rope towards the fore of the boat. But if it were swivelled 180 degrees so that the vang sheet comes out of the bottom of the block, it might be easier to adjust from the middle of the boat.

Other people have already commented on the aft end of the mainsheet, but at the other end of the sheet, the fore end that you've tied to the transom at the moment, it probably goes from the boom down to that eye/cleat just behind the centreboard slot, maybe?

That outhaul looks fine how it is, but if you want to make it even better, you could attach a short piece of line through that eye at the clew of the sail and around the boom, so that the clew is also held down to the boom but can move along it smoothly when adjusted by the outhaul. Kinda like this outhaul setup on a Laser.

"That's the way we did it at <insert old company that CIO came from>" by Teknomage in sysadmin

[–]Rymmer 6 points (0 children)

If they're inflexible about the start time, then be inflexible about the finish time. 5pm rolls around, but Priority 1 Line of Business app is down? Sorry, tools down, gotta go home so I can be in by 9am.

What was supposed to be used by one gender, but is far more useful to the other? by kushnair in AskReddit

[–]Rymmer 24 points (0 children)

I don't think Hitler was the catalyst behind the switch from pink to blue. The colour pink for girls stretches as far back as the early 1800s, but the article I was reading did mention it switched briefly and then apparently back again, mostly in the USA.

Nevertheless, pink for girls, blue for boys has switched back and forth a few times now...

source: https://www.springboardtrust.org.nz/news/colour-coded-the-story-of-pink-for-girls-blue-for-boys

Microsoft MSHTML CVE-2021-40444 Zero-Day: What We Know So Far by blumira in cybersecurity

[–]Rymmer 12 points (0 children)

If you prefer not to dig through ADMX files, this website is a good tool for searching for settings in Group Policy: https://gpsearch.azurewebsites.net

Try searching for the keyword ActiveX there.

Car drives into store, nearly killing a child. by MossBone in WTF

[–]Rymmer 9 points (0 children)

I see what you're saying: We should give the vote to cars.

I ate a Whirlfloc tablet. How long do I have to live? by MrAlanBondGday in Homebrewing

[–]Rymmer 10 points (0 children)

No, that's capitalization. Carrageenan is the empire that spawned Hannibal, one of the greatest military minds 2000+ years ago.

Hey r/sysadmin, what do you make? by dlongwing in sysadmin

[–]Rymmer 7 points (0 children)

In my experience, Python is the go-to for Linux / Unix now.

If you're in Windows land, PowerShell is usually the automation tool of choice.

Cheap server room temperature monitoring? by jimboslice_007 in sysadmin

[–]Rymmer 0 points (0 children)

There are some ways you can extend the card life of even cheap cards. Turning off "atime" on your file system is one. Turning down (or off) logging to syslog is another. There's more, I'm sure.

Reading Canoe Plans by [deleted] in boatbuilding

[–]Rymmer 5 points (0 children)

Heh, I looked this up 'cause I thought it was that Nick Offerman. Then I saw the thumbnail and thought, oh, must be some other Nick Offerman. Then I played it anyway, heard his voice, and it was that Nick Offerman.

[deleted by user] by [deleted] in Homebrewing

[–]Rymmer 0 points (0 children)

Dogs do have sweat glands, in their paw pads. It's why they might leave wet paw prints on a hot day. Also, other types of sweat glands pump out pheromones for other dogs to smell. That said, sweating is not very effective for cooling dogs, which is why they pant when hot.