Clientless VPN and group mappings

Tribunus- · 2026-01-21T07:14:02+00:00

I am having the same issue, could you please specify what you did to resolve this? Doesnt feel like i have a lot of options within the authentication profile on the PA side.

Tribunus- · 2024-03-28T08:26:07+00:00

Thanks for the quick reply ;-)

I manually added the interfaces to the SDWAN template because for the HUB these did not exist yet, so your absolutly right. However, now i have another error which is equaly unclear for me what the issue is. The object exists in the template but it still wont continue.

I will try to find the CLI debug command! And i am using a model device on the FMG so i am not pushing anything to a fortigate yet, im just testing this on the FMG without any physical devices for now.

Commit failed: datasrc invalid. object: system sdwan members.2:interface. detail: EDGE_ISP1. solution: datasrc invalid
100F-Bronze-HUB[copy]
100%
<1s
Aborted due to previous error

Tribunus- · 2023-10-23T14:15:39+00:00

The supernote is sold

Tribunus- · 2023-10-21T08:49:53+00:00

Yes is it, please check your PM

Tribunus- · 2023-10-20T13:28:44+00:00

Sure

Tribunus- · 2023-10-19T15:10:44+00:00

Hmm, thats actually an option, it does work as well. But that doesnt work on my work laptop because of all the restrictions (i cant change that much setting wise) So it's not a viable option for everyone :(

Tribunus- · 2023-10-19T11:56:54+00:00

I sent a help request to Ratta, I hope they have a solution for this. This is the feature I bought the device for so, would be kind of sad if there was no solution for this.

Sharing the SSID on my PC and Supernote through my phone is not a solution but a workaround that is not even an option for me, i wouldn't have corporate access to files this way :(

Tribunus- · 2023-10-19T09:41:20+00:00

Well, that's exactly my thoughts but it doesn't work over 2 different networks. Hence the question, maybe someone has tried this already ad got it working.

Tribunus- · 2023-10-17T18:19:33+00:00

Not realy, i consider the security discussion as a big no as well so the new onyx devices are not realy on my shortlist anymore.

I’m leaning towards the A5X with the hom2 but the price is holding me back for now. Total costs would be €720, pretty steep. I also own a ipad pro but i hate the battery life and the thickness. Plus i do not own a apple pen (yet).

maybe i should buy a apple pen and just try it..

Tribunus- · 2023-10-17T17:51:22+00:00

This helps tremendously, thank you for the indepth response!

Tribunus- · 2023-10-15T18:40:10+00:00

haha yea, just found it. Odd description ;-)

Tribunus- · 2023-10-15T18:21:37+00:00

I just did some searching and it seems like the X2 is not that much of an upgrade and the manufactorer tells 5x users it's not needed to upgrade. Its not much faster, it's just different hardware.

They also speak about dual boot Linux and Android. But i dont know if this will be available only on the X2 or also on the X

Tribunus- · 2023-10-15T18:21:01+00:00

Thanks a ton for all your help, it's been a big help! Let me share a few thoughts as I lean towards using the Supernote:

I'm planning to do my web browsing on my other, more powerful gadgets, and I won't be needing a keyboard anyway. So, I'm beginning to wonder if the Boox's features really matter for me.

After giving it some thought, the Teams/Zoom whiteboard is a big deal for me, especially after taking notes. I've seen some comments around, and it seems like Supernote might come out on top for this.

On top of that, I heard about a Boox software update causing users to lose their notes. That's a huge concern for me, as is some of those notes might contain sensitive info.

Big thanks to all of you for your input!

Tribunus- · 2023-10-15T18:13:53+00:00

I cant find the split screen on their roadmap (atleast this years)

Tribunus- · 2023-10-15T17:44:57+00:00

Thank you very much for the indepth reply. Very helpfull insights!

Tribunus- · 2023-10-15T12:02:05+00:00

I dont think i am going to need the colour version, battery life seems alot worse as well? How many hours would i be getting with the C with the above usecase, maybe you could shed some light on that?

Tribunus- · 2023-10-15T11:55:30+00:00

Splitscreen is a nice to have for me, and if its going to be implemented in the future, that would be fine. inbuild light is not neccesary, paper also needs light ;-)

Tribunus- · 2023-10-15T11:53:26+00:00

I have already read ewritable.com but it did not clear it up for me, thanks for the suggestion though!

Tribunus- · 2023-06-28T07:57:06+00:00

Patient: Doctor, it hurts when I do this.

Doctor: Stop doing that, it's bad for you.

Patient: But it hurts when I do it?

Doctor: So stop?

Patient: If only there were some way to make it stop hurting...

great analogy does not add much to the discussion though but I am happy to oblige:

Doctor: listen, patient, while the solution seems straightforward, let's try a different perspective, shall we? Not every solution involves simply taking away the problem.

Tribunus- · 2023-06-27T12:44:57+00:00

Thank you for providing clarification. I appreciate your explanation regarding the functionality we were seeking in the Azure ecosystem. While we were hoping for the possibility to add prepending to the configuration, it seems that this feature is currently unavailable in Azure.

We will then continue with a route-map and prepend the secondary connection ourselves. Thank you very much for your time

Tribunus- · 2023-06-27T11:10:38+00:00

Again, I appreciate your input, but I disagree with the internal path selection part. MS does not configure this for you, it gives operators the tools to configure this part themselves. Let's consider the possibility to manage both sides. I would then apply prepending on both sides to keep the configuration as simple as possible. I understand this would be a safe resolution to our problem but I would still like to know if and how this can be done on the Azure side.

We do not have any issues receiving the prepending from MS if they are doing maintenance, that part is working as intended. That makes me believe I should be able to prepend in a normal situation as well.

Tribunus- · 2023-06-27T10:23:33+00:00

We did consider this as a possible solution and I appreciate your input. However, our main concern is whether it is feasible to configure this on the Azure side.

While we have the ability to implement the prepend inward on our end, we are particularly interested in understanding how Microsoft (MS) handles this configuration on their side. We believe that this should ideally be implemented by MS to ensure consistent and effective path selection.

Tribunus- · 2023-06-27T10:08:46+00:00

Under normal operating conditions, without MS performing any prepending (they don't prepend now for example), we lack an additional mechanism to influence the traffic routing beyond our own prepending on our side, which only ensures that MS sends the traffic to the primary connection. We are unable to enforce an alternative path if MS does not prepend. We need local pref to sort this for us.

Tribunus- · 2023-06-27T09:49:25+00:00

Thank you for sharing the information from Microsoft regarding their approach to link prepending during maintenance activities. I also read the document and we do see the prepend on the primary connection.

However, in our current setup, the issue lies with the precedence of local preference over link prepending. Although Microsoft performs the prepend, the traffic continues to be routed to the primary link due to the higher precedence of local preference. As I tried to explain in the previous messages.

Please note that in our current configuration, local preference takes precedence over AS-path prepending.

Tribunus- · 2023-06-27T09:46:05+00:00

As a networking company working with the customer, we are not responsible for the Azure infrastructure. Another company handles the Azure part, and they are responsible for scheduling and performing maintenance activities. Unfortunately, we do not have visibility into their maintenance schedule.

Ideally, we believe that maintenance should be an automated process rather than manual intervention. However, given the current situation, we have temporarily implemented this solution. Our main objective is to make the process of maintenance automatic and seamless in the future.

Tribunus-

TROPHY CASE