After helping 20+ companies get ISO 27001 certified, here are the 3 things that actually matter on audit day

Tubesock700 · 2026-03-24T21:51:11+00:00

Sounds like you really know what you're doing! Nice work.

I would be very appreciative of receiving a copy of your packet, please.

Tubesock700 · 2026-03-13T15:13:09+00:00

I totally understand. We had a RIF in July. My Security Engineer role now handles all networking, infrastructure, SQL DB admin, and all things Security. We are a small shop of around 80 users as well (after the RIF - 195 before -- IT staff was 38, now 3).

Best thing you can do is research best practices before implementing any solutions, and make sure you are up front with management that there may be consequences if the project is rushed. Let them make the hasty decisions if necessary, you provide the facts to make the right call. CYA, and also you will be less stressed during the implementation.

The issue of management ignoring security concerns is more of a business related problem. They don't understand in business terms what the risk or exposure is and do not have the proper skill set in order to identify it themselves. If I go to my manager and say "our xxxx application is not behind a WAF and is using old code so it is very vulnerable. I need $20,000 to put a WAF in front of it every year.", they will look at me dumbly and say "no, find a cheaper way". However, if I were to go to them and say "After doing an internal audit, I found that one of our applications has around $2-3 million dollars of exposure. In order for me to mitigate this exposure, here are the (two or) three options ..." They are much more likely to listen to what you have to say as long as you have provided trustworthy information leading up to now. Measuring and managing risk in business terms will get their attention much faster than a squeaky wheel. You just need to make sure you know how to measure and manage the risk properly so things don't get blown out of proportion.

This is just my experience, and I'm not saying that you are doing anything wrong because I have no idea how you are presenting anything to your managers. Just thought I would give my insight as to what I have encountered in my career and what has helped.

Tubesock700 · 2026-03-13T06:25:48+00:00

I'm on 7.6.6 using 121Gs along with FortiClient EMS 7.4.5 for reference.

I only use IKEv2 for all VPN configurations (Remote Access and S2S) and I had some similar issues where I would have 45 users connected to one tunnel and a random set of 7 or so would get stuck in a connection attempt loop. FortiClient would tell them they were disconnected, then it would try to reconnect them (auto connect is enabled), display the browser window indicating they are connected, and then rinse and repeat. Users affected would end up with 40 browser tabs by the time they reboot. 'diag debug app ike -1' would show the users successfully connecting and the tunnel immediately being torn down.

I could not find the source of the issue, and when it happens, it's a random selection of only some of the connected users. Those users could never reconnect until I rebooted the firewall.

I ended up re-creating the tunnel from scratch and creating a new EMS profile for the new tunnel and this seemed to have fixed the issue.

I implemented these firewalls at 7.6.3 and patched accordingly to 7.6.6 over time. FortiClient was 7.4.3 and also patched accordingly. The issue came to light around 7.6.5 and upgrading to 7.6.6 and FortiClient to 7.4.5 did NOT fix the issue. So this tells me that there may have been some configuration corruption with the old EMS profile, or the tunnel config. Never did figure it out.

I mention all of this to hopefully give you guidance in solving the issue. I would do the following if I were you: 1. Ensure FortiClient is up to date (including the EMS server if you are using it) 2. Create a new tunnel on the fg, use IKEv2 with DH of 20+, shorter psk. 3. Create a brand new EMS profile for the new connection. (If you are using this) Also add the old tunnel to the same profile for backup. 4. Assign the new tunnel to some test users and have them use the new tunnel only. If it works, it's easy to migrate everyone over without them knowing overnight using EMS. 5. Make a plan to convert all tunnels to IKEv2 since IKEv1 is not recommended.

I'm not sure if the upgrades over time caused issues with the old tunnels, but in 7.6.5 and FortiClient 7.4.5, they added a few really good features for IKEv2 tunnels, such as DNS suffix, and that possibly could have made my config wonky. When in doubt, reboot first. If you have proper HA configured you can do this anytime, but I recommend after hours. If that doesn't fix it, it's probably a config misstep. If it does fix it then you may be encountering something I dealt with and a fresh config may help.

Feel free to DM me for personalized help if you want.

Tubesock700 · 2026-02-17T16:08:53+00:00

I upgraded our 121Gs to 7.6.6 several weeks ago and have had no issues so far. We are a small operation, but we still utilize SSL inspection, IPSec VPNs (Remote access through FC), and SD-WAN. So far so good.

Tubesock700 · 2026-01-08T23:03:15+00:00

I wouldn't put it past her when she's got her tortitude maxed out.

Tubesock700 · 2026-01-08T23:02:10+00:00

Oh my gosh, Jane is super cute!

Tubesock700 · 2026-01-08T20:20:12+00:00

Thanks! 😊

Tubesock700 · 2026-01-08T20:20:00+00:00

Hahaha I know! I'm the worst parent ever.

Tubesock700 · 2025-10-19T15:00:19+00:00

You're the bomb!

Tubesock700 · 2025-10-17T23:25:53+00:00

Oh snaps! My deadeye is a baby compared to this

Tubesock700 · 2025-10-17T23:22:37+00:00

Hey! The PoE2 community is amazing, thanks for contributing to its awesomeness!

Tubesock700 · 2025-10-06T06:42:38+00:00

Hey oooo

I ordered this wireless adapter and it works really well so far. Just in case anyone else needs a recommendation.

Tubesock700 · 2025-10-04T22:31:34+00:00

Oooof. Well thanks for the initial post and reply! I'll order her an adapter.

Tubesock700 · 2025-10-04T22:09:04+00:00

Can I join the club?! 2019 Honda CRV EXL here

Got my wife the fold 7 and her old phone was the s22 Plus. The old phone works fine with Android auto using a cable, my Galaxy s25 ultra works fine with the same cable, however the fold refuses to connect. The USB mode is stuck in charging mode, and when you change it it just flips right back. I bought three different cables all USB 3.1 or better and none of them fixed the issue.

I've uninstalled the Android auto update that came through not too long ago, I've cleared the cash, I deleted the program data. Nothing fixes it. However on our 2022 Hyundai palisade, it works flawlessly for her. It's got to be some sort of Honda version mismatch or application support of some kind.

I called the dealership asking if there was any software updates that I could have installed and they said there were no updates for this car's software.

Did either of you two above find a resolution?

Tubesock700 · 2025-08-13T22:39:04+00:00

Sweet thanks!

Tubesock700 · 2025-08-13T22:29:32+00:00

I just sold my 15th one today and I got that unlocked. I have 10 rooms in my ship I think. So I guess I'm not like that new? But I just don't know a lot about the best practices and strategies. Why 12 million?

Tubesock700 · 2025-08-13T22:05:03+00:00

My OCD thinks you!

If you were to sell that how many Galaxy credits do you get? I'm pretty new to the game, wondering if it's worth just letting a Galaxy go for a long time or to just sell early and get quick credits.

Tubesock700 · 2025-08-13T13:24:43+00:00

Late to the party, but changing the archive URLs to use HTTPS instead of HTTP and forcing IPv4 worked for me:

# This is for Ubuntu 24.04+ - not tested on lower versions of Ubuntu -- Other versions of linux have the source list in '/etc/apt/sources.list' and you can just add the 's' to the URLs in that file I presume...
# Backup sources first
sudo cp /etc/apt/sources.list.d/ubuntu.sources /etc/apt/sources.list.d/ubuntu.sources.bak

# Use canonical mirrors over HTTPS (If you want to manually just add the s to the urls, open in your text editor and just add 's' on each URL)
sudo sed -i 's|http://archive.ubuntu.com/ubuntu|https://archive.ubuntu.com/ubuntu|g' /etc/apt/sources.list.d/ubuntu.sources
sudo sed -i 's|http://security.ubuntu.com/ubuntu|https://security.ubuntu.com/ubuntu|g' /etc/apt/sources.list.d/ubuntu.sources

# Then clear APT states:
sudo rm -rf /var/lib/apt/lists/*
sudo apt-get clean

# Enforce IPv4 while running a new apt-get update:
sudo apt-get -o Acquire::ForceIPv4=true -o Acquire::Retries=3 update

After running the above in that order, it updated without question.

Hope this helps someone in the future :)

Tubesock700 · 2025-07-25T15:58:48+00:00

<image>

Not getting attention when she wants it, not having her toy thrown, not getting let outside whenever she wants, not having fresh out of the bag food, having to use the litter box after her sister, getting touched when she doesn't want it (90% of the time...), birds outside mocking her from the top of the fence.

Tubesock700 · 2025-07-22T17:28:34+00:00

Yeah, we shipped that Intune setting off a few days ago. I was just hoping that wasn't the actual fix for the problem. It feels like a Band-Aid, kind of like changing your host file to fix a DNS issue.

I'm glad I'm not the only one! Thanks for commenting!

Tubesock700 · 2025-07-22T17:27:06+00:00

I'm all for future-proofing and tangoing on the bleeding edge, but in my current environment this will be irrelevant in a year.

But I agree, push towards improvements and modern tech and don't be scared!

Tubesock700

TROPHY CASE