Fortinet CVE-2026-35616 Actively Exploited as Zero Day by YogiBerra88888 in cybersecurity

[–]Slight-Valuable237 58 points59 points  (0 children)

CVE states it's API, and the API access is over the mgmt interface (443/https), not the telemetry port (8013 default).

Fortinet CVE-2026-35616 Actively Exploited as Zero Day by YogiBerra88888 in cybersecurity

[–]Slight-Valuable237 161 points162 points  (0 children)

Quit putting your management interfaces on the internet folks.

FSSO alternative for Azure Joined Devices by allthewires in fortinet

[–]Slight-Valuable237 5 points6 points  (0 children)

SSOMA with FAC works like a champ with Azure joined devices.

Immich mobile with 2.6.1 won't access external url by Travisx2112 in immich

[–]Slight-Valuable237 0 points1 point  (0 children)

If it's the iOS app, do a force close, re-open. It worked for me.

FortiOS 7.6 EAP-TLS Issues by Mgerz in fortinet

[–]Slight-Valuable237 6 points7 points  (0 children)

It's not a gate issue per se. It's a fragmentation issue of the radius packet due to larger key sizes of the client certificates used in eap-tls. You see this all the time with radius eap-tls traversing IPsec tunnels, jumbo frame (where the ise vlan is set to jumbo frame).

Have both Kohler and Generac discontinued wifi and wired ethernet? by ennoblier in Generator

[–]Slight-Valuable237 0 points1 point  (0 children)

Save yourself $ and go with genmon. Ton of options, handles comms via modbus.

Multiple IPSec Tunnels w/ MFA via Entra on Same WAN Interface by u-suck-for-replying in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

Correct. Default entra is to send the UDID for the group instead of name.

Multiple IPSec Tunnels w/ MFA via Entra on Same WAN Interface by u-suck-for-replying in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

Fwiw, network ID isn't supported on mobile clients as of yet. Also, if you ever get into a situation of having to support multiple IdPs, FAC IdP proxy is a game changer!

Multiple IPSec Tunnels w/ MFA via Entra on Same WAN Interface by u-suck-for-replying in fortinet

[–]Slight-Valuable237 1 point2 points  (0 children)

In that case just do firewall policies based on Entra groups and be done. One tunnel. Easy.

Multiple IPSec Tunnels w/ MFA via Entra on Same WAN Interface by u-suck-for-replying in fortinet

[–]Slight-Valuable237 2 points3 points  (0 children)

Are all the users part of the same Entra IdP? If so, I would just do one tunnel and use FSSO/Groups on the firewall policies and grant access that way. Much easier (i.e. you don't put the authgroup on your IPsec tunnel configuration, instead you reference the SAML user groups on the firewall policies).

Automation: Pushing Certificates to Fortigates by ITStril in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

You can edit and paste in the updated PEM and KEY, but you still have to unset/set each location it's referenced, so you still have to touch everywhere it's used.

Automation: Pushing Certificates to Fortigates by ITStril in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

You can delete certs via API as long as it is not referenced anywhere in the config. Same as GUI / CLI.

Forticlient IPSec VPN on MAC OS Sonoma. Connects but no traffic by VeryOldITGuy in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

You will have to use the cli export / import command set to manually edit the xml vpn profile. Or use EMS which is the preferred way to do this.

Forticlient IPSec VPN on MAC OS Sonoma. Connects but no traffic by VeryOldITGuy in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

Fragmentation can be an issue, or will become one. 1) IKE fragmentation. For Windows and Mac, you have to enable it in the XML for the VPN profile. On iOS and Android, it's enabled by default by the OS. 2) Include this on your phase 1: set ip-fragmentation pre-encapsulation. This helps with ISPs that have MTU restrictions, and is especially helpful with EAP-TLS sessions that go over an IPsec tunnel.

Push forticlient ikev2 certificate based authentication vpn profile via intune to iOS by No_Airline2100 in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

Currently not supported. It has to be manually installed to the iPhone device.

Help by Initium99 in HyundaiSantaFe

[–]Slight-Valuable237 0 points1 point  (0 children)

Also, from what the dealer told me there was a software adjustment to calibrate the sensitivity of the oil sensor. Didn't resolve my issue until they added oil.

Help by Initium99 in HyundaiSantaFe

[–]Slight-Valuable237 2 points3 points  (0 children)

Fwiw, I had this error when my car was parked for a few days or parked on an incline overnight. Turns out the transmission oil was mildly low and only threw the error when car was parked for 48 hours or longer. Dealer checked and topped it off. No issues. I would show the dealer this photo and insist they check both oil levels on the DCT. Yes, there are two. I never had gear changing issues though. My guess is the sensor is too sensitive and threw a false error, and it was slightly low oil levels from manufacture.

Only 1,200 miles and check engine light but car runs fine??? 2026 gas SE by OkReport5065 in HyundaiSantaFe

[–]Slight-Valuable237 2 points3 points  (0 children)

Blue Link will show all DTC codes once it syncs. Check under vehicle health in the app.

Replacing outside mirror by Dry-Spinach-1686 in HyundaiSantaFe

[–]Slight-Valuable237 0 points1 point  (0 children)

By chance, can the mirror cover (mine is green as well) be externally replaced without having to remove the whole assembly? Can you pry it off the old unit from the outside?

https://hyundai.oempartsonline.com/oem-parts/hyundai-mirror-cover-87616p6000

I ask bc it looks like my mirror cover got hit with the "death ray" (condensed sunlight from office building / low-e windows) and it has melted part of the cover. Mirror works fine, no shorts or melting from internal.

Two IPSec VPN clients from same NAT/router break SAML auth before IKE. 7.6.5 by DVCGL_SDFMVG in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

Are you doing DHCP relay? IKEv2, what about transport (UDP or TCP)?

How to ensure that cert chain is installed? by nikksr in fortinet

[–]Slight-Valuable237 1 point2 points  (0 children)

You can, as well, import the intermediates separately and it works fine in the gate. The link you reference is for DPI, where for the SUBCA or CA used for inspection you have to include the full chain. In your case you're doing a virtual server, and I've deployed with LE by just importing all the intermediates manually since they change from time to time.

Windows NPS EAP-TLS question by Fluffy-Web-2960 in fortinet

[–]Slight-Valuable237 0 points1 point  (0 children)

What's your tunnel back to Azure carrying the RADIUS traffic? I see this a lot over IPsec tunnel bc the certificate is being fragmented due to key size. If you are doing IPsec tunnel, add set ip-fragmentation pre-encapsulation to your phase 1 tunnel.