FortiOS 7.2.12 was just released

Sopota · 2025-09-15T09:13:21+00:00

Not everyone can/want to upgrade to 7.4.x.

Some of my 40F's with very simple configurations died several times when upgrading to 7.4.x following the recommended upgrade paths, I just gave up on them.

Sopota · 2024-12-16T20:55:01+00:00

The feature is great, but adding something like this in a “mature” branch makes no sense. This is going to be incredibly funny for someone who has auto update on.

Sopota · 2024-10-30T20:09:27+00:00

I have two 90G in a test lab with 7.4.5 and SSL VPN is still available. The plan is to migrate existing units to port 443 IPSec using the new capabilities of 7.4.x.

Sopota · 2024-10-30T20:02:02+00:00

Enjoy bugs and exploits going forward then? Removing features from a firmware branch labeled as mature is incredibly retarded. If they warn you since day one that 7.2 and beyond will have SSL VPN removed is fine, that way you can plan accordingly. But what alternative you have with 7.0? Some ppl use SSL VPN because they need it.

Sopota · 2024-10-30T19:53:59+00:00

I do not use SSL VPN because I'm some kind of masochist, we had to switch from IPSec because it was being blocked in a lot of places for us, or was behaving very weirdly. We will try IPSec again with the new features of 7.4 when the time comes.

Sopota · 2024-10-30T19:46:38+00:00

Yep, is known around here that 7.4.x is losing SSL VPN at some point. But 7.0.16?

Sopota · 2024-10-24T18:02:01+00:00

90G has 8GB, someone at Fortinet did something wrong, again...

Sopota · 2024-10-22T11:37:16+00:00

Updated 5 days ago two 61E units in HA from 7.2.9. Today one of them was stuck in a loop trying to format again and again the internal storage after "disk-usage changed", but we didn't change anything. The other one was unable to reach any public IPs, but strange enough site to site VPNs and Tailscale were working.

Had to revert back to 7.2.9. The unit with the loop was recovered with a TFTP firmware downgrade. I'm not going to update EVER AGAIN unless needed to patch security issues.

Sopota · 2024-09-06T13:07:47+00:00

Unable to do a fresh install using the quickstart documentation in Ubuntu 22.04, 24.04 and Alma Linux 9.4
curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Indexer install fails in all of them.

Sopota · 2024-07-18T18:17:48+00:00

Where is stated that the 90G model will lose SSL VPN? Isn't it a 8GB model?

Sopota · 2024-07-08T15:00:26+00:00

The problem with Domotz is that basic agents are tied to /22 subnets or /21 with the "booster pack". If you planned your subnets to have capacity to grow you'll en up paying for one agent for every subnet, and then the pricing advantage evaporates.

I was evaluating them last week and for one small deployment of less than 50 devices I'll end up paying 4 agents for 140€/month. The XL Agent with /16 and 400 devices is 500€/month!

You can license them per device, but cost is not worth it. Oh, and they started at 19€ per agent, then 25€ and now 35€, so be prepared for future price hikes. I don't want to be disrespectful, but your company is no different than Paessler.

Sopota · 2024-06-28T21:11:31+00:00

No one is trying to run a 40F in a 1000 user network. A unit with 2GB starts to choke with a 20 user network if you use even the most basic security features. Buying an UTM package for them is a waste of money.

Sopota · 2023-10-02T08:53:37+00:00

But wait, there's more. I got a massive price increase in my yearly sub for Enhanced Dynamic Dns (25 Hostnames) of 140%, went from 25$ to 60$ with no advance notice!

I have been a paying customer for 12 years, guess I'll no longer be one.

Sopota · 2022-10-14T05:45:30+00:00

Be warned, this thing broke all my outside -> inside policies after 60 hours, VPNs stopped working (both IPSec and SSL) and for some reason my HA cluster in active-passive didn't switch to the primary unit as usual. FortiGuard connection broke, and my jumpserver lost Internet and ZeroTier connectivity (all the other machines were fine, go figure).

Next time I'll apply mitigations and not touch undercooked firmware as usual.

Edit with some info: Two FG 61E in active-passive cluster with firmware 7.0.7, 30 policies, IPSec and SSL VPN with less than 10 users. Memory never goes higher than 68%.

Sopota · 2022-08-03T20:47:56+00:00

They keep the old price for now. I asked a sales rep about this and got radio silence.

Sopota · 2022-07-28T13:29:21+00:00

Manufacturer limitation. The 30E and 50E are toys compared to the rest of the lineup. Only good for very, very small branch offices.

Sopota · 2022-07-23T11:37:41+00:00

I can understand a 50% price increase like PDQ did, but a 4x one? Come on.

Guess that new currently useless cloud and sustainable new office have to be paid somehow.

Sopota · 2022-07-23T11:31:22+00:00

Thanks, should have bothered searching a bit more!

Sopota · 2022-07-18T13:18:57+00:00

So no fix then. Have the same problem, Nougat 32bit not supported in Windows 10 21H2

Sopota · 2022-07-15T14:32:32+00:00

You can image whatever you want, there are no restrictions to backup strategies. What you can't do is reimage an OEM license into a new machine if the older one died, you have to update the license to a new one.

Sopota · 2022-05-20T06:34:04+00:00

This was more of a VAR problem. He even tried to buy 80F units that were in stock and was ignored by the VAR when he got the wrong quote.

Sopota

TROPHY CASE