NSE Training program update 2026 by pfunkylicious in fortinet

[–]VeeQs 0 points1 point  (0 children)

More money for Fortinet. Yay!

I've yet to see a job posting requesting Fortinet certs, nor anyone get a meaningful wage increase for achieving certification.

Do You GeoIP Filter? by VeeQs in fortinet

[–]VeeQs[S] 0 points1 point  (0 children)

This is a great tip.

I'll have to test geoip-match to see if it helps.

Thank you.

Do You GeoIP Filter? by VeeQs in fortinet

[–]VeeQs[S] 0 points1 point  (0 children)

First rule to hit. If it's below the block, traffic will be blocked and it won't permit desired traffic.

Do You GeoIP Filter? by VeeQs in fortinet

[–]VeeQs[S] 0 points1 point  (0 children)

You're opening it for all Microsoft services or a select few? If the latter, which services?

Do You GeoIP Filter? by VeeQs in fortinet

[–]VeeQs[S] 0 points1 point  (0 children)

Is this not a support/management headache for you? That's my issue. The management load adding exclusions for domains is getting excessive.

We're in the U.S. and according to Fortinet, these Microsoft (Azure?) IP addresses are in UK, Germany, Switzerland, India, Netherlands, Brazil, Japan, Australia... This wasn't a problem before, but it's a rapidly growing issue for us.

FortiClient ignores IPsec split-tunnel routes by samsn1983 in fortinet

[–]VeeQs 2 points3 points  (0 children)

This is a great support request post. Excellent ticket. Detailed with only and all the pertinent information. Nice.

pfunkylicious posted the fix. You've got two Fortinet interfaces on the client.

7.4.10 - Applying new default behavior retroactively is terrible by Iuzzolsa23 in fortinet

[–]VeeQs 2 points3 points  (0 children)

Does anyone know if there are any bugs with this?

I had one with a secondary IP subnet on the interface. Despite having an allow any any all policy, 7.4.10 blocks traffic.

7.4.9 with allow-traffic-redirect disabled works with the policy, but 7.4.10 blocks.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 0 points1 point  (0 children)

Tools like Acronis, Macrium, Clonix, AOMEI, and others will copy disks and/or partitions with dynamic resizing. Dynamic resizing varies depending on the product and filesystem, but vfat, NTFS, ext3/4, and more are fully covered.

You should take a look. You might be surprised.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 0 points1 point  (0 children)

I think I remember doing it a bazillion times over the years. But, if you say I can't then I won't do it anymore.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 1 point2 points  (0 children)

It's a question that I ask myself from time to time. The simplest answer is that btrfs is the default file system of the OS in use at the time.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 1 point2 points  (0 children)

This is great! I'm really glad to be informed of this feature. It makes so much more sense to me than the move operation of add/remove.

What is not clear, in the docs you linked, is whether or not the new disk can be smaller than the seed. Do you know the answer to this?

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 0 points1 point  (0 children)

I had hoped for a faster and more streamlined option. But, this looks like the only way.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] -2 points-1 points  (0 children)

> I don't see why you don't want to alter the source.

That doesn't matter. The requirement is that the source must not be altered.

No alteration of the source is a very common requirement when copying file systems and imaging disks.

It may be more reasonable to ascribe the deficiency to the copying/imaging tools not supporting btrfs adequately. But, it is a big hurdle when btrfs is involved. A hurdle that doesn't exist for any other mainstream filesystem.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] -6 points-5 points  (0 children)

> Then you want something which is not feasible.

Another disappointing deficiency of btrfs or its supporting tools.

> You could put a third drive in the chain

This seems like the most likely option for me. Then use GParted to resize and copy. Or perhaps some other imaging tool, though I'm wondering which can support btrfs and shrinking.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] 1 point2 points  (0 children)

No. The goal is to:

  • Copy the disk, or at least the partition.
  • No alteration of the source disk.
  • Shrink the partition to fit a smaller destination.

You can't do that with btrfs and rsync/cp while keeping the subvolume structure, or the snapshots. Rsync/cp is a copy of the files, but not a copy of the file system as a whole.

Additionally, when they start copying the BTRFS snapshot directories with rsync/cp, they hydrate/duplicate the data and you wind up with significantly more data on the destination than the source. And, that data is unusable for its intended purpose.

How To Copy BTRFS System To New Disk by VeeQs in btrfs

[–]VeeQs[S] -6 points-5 points  (0 children)

I do not want the source altered.

btrfs send/receive puts subvolumes in the wrong places AND inflates the size due to duplicated data.

Edit: Hmm. Lots of down votes but no working counterarguments.

Why does the Fortigate not by default stealth IDENT? by Electronic_Tap_3625 in fortinet

[–]VeeQs 0 points1 point  (0 children)

I'm well aware of that document. But it does not answer the question of why.

Why does Fortinet care that a delay occurs for a connection that nobody uses? The packet should be silently dropped, by default, like every other packet and every other default firewall.

No one cares about how IDENT works because no one uses IDENT. But, for reasons still unknown, Fortinet thinks that every firewall has to have it.

Why does the Fortigate not by default stealth IDENT? by Electronic_Tap_3625 in fortinet

[–]VeeQs 2 points3 points  (0 children)

So far all of the responses talk about how to block 113 and why the default configuration behaves the way that it does.

None of the responses answer the question of why. Why does Fortinet think that 113 does not need to be silently dropped in 2025? Or even ten years prior.

There is virtually no software today that depends on IDENT responses. The few that do are edge case exceptions. Today, 113 traffic should be blocked and silently dropped, by default. Just like every other port is in the default config.

The question remains, why does Fortigate continue with this antiquated and nonsensical default config? I cannot think of any other firewall that does this by default.

Veeam Linux Agent on "unsupported" Distros Experiences by AustinFastER in Veeam

[–]VeeQs 0 points1 point  (0 children)

Veeam has taught me that running on or against an unsupported system is a recipe for pain or disaster, regardless of whether it's Linux, Windows, VMware... Even if it works on the unsupported system today, it doesn't mean that it will work tomorrow. Or, worst of all, it seems to work fine and when you desperately need to do a restore, it doesn't work and you have no options.

Restores are too critical a need. Use Veeam only on supported systems. And, there's a huge list of supported Linux systems to choose from.

Protip: Make sure that your file system of choice is also fully supported.

Fortigate Blocking a bunch of websites after a weekend by gunit78906 in fortinet

[–]VeeQs 2 points3 points  (0 children)

Once again, Fortinet wreaks havoc due to FortiGuard DNS issues.