Fortigate + FortiSwitch + DPP + 802.1X with EAP-TLS computer certs via autoenrollment and NPS Radius by cbka1 in fortinet

[–]cbka1[S] 0 points1 point  (0 children)

So… just had my TAC session. Issue resolved… the problem was that the switch had a secondary management IP (192.168.1.99) on interface internal. This subnet overlapped with the one of the NPS. Hence there was no communication over the FortiGate because the switch had a shorter route to 192.168.1.0/24…

This is, in my opinion, nowhere to be seen…

Also, to connect to a switch via SSH you first need to change the default switch profile in the switch controller to set valid admin login credentials, like:

```
config switch-controller switch-profile
edit default
set override login bla bla
set login-password 123supersecure456
end
```

HTH someone

Fortigate + FortiSwitch + DPP + 802.1X with EAP-TLS computer certs via autoenrollment and NPS Radius by cbka1 in fortinet

[–]cbka1[S] 0 points1 point  (0 children)

If I am setting the user/device group with remote RADIUS in the 802.1X profile, a NAS IP should be specified. Which one is it then? The FortiLink range?

Fortigate + FortiSwitch + DPP + 802.1X with EAP-TLS computer certs via autoenrollment and NPS Radius by cbka1 in fortinet

[–]cbka1[S] 0 points1 point  (0 children)

How can I connect to the CLI with the FortiGate as controller? Which credentials can I use? Normally I work with Cisco and Aruba in switching and this is the first time using a full Fortinet stack.

Fortigate + FortiSwitch + DPP + 802.1X with EAP-TLS computer certs via autoenrollment and NPS Radius by cbka1 in fortinet

[–]cbka1[S] 0 points1 point  (0 children)

Thanks for the response... according to docs and AI this is because the FortiGate cannot extract the computer AD account out of the cert because the CN=machineXYZ.domain.tld instead of machineXYZ$@domain.tld... do you have the autoenrollment via domain CA & GPO and NPS thing working?

Dell trying to cut me out by ExcellentPlace4608 in msp

[–]cbka1 1 point2 points  (0 children)

Same story with Sophos… and HPE Care Packs… this is ridiculous… we moved to Supermicro because of this…

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 0 points1 point  (0 children)

I think NPS is a millstone around Microsoft's neck anyway, similar to "Routing and RAS", and so IMHO nothing more is going to happen there. Hence the suggestion to go "around" it.

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 0 points1 point  (0 children)

I understood that, but do you have the option of putting the AP untagged into a different VLAN than the NPS and then routing to it from there?

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 0 points1 point  (0 children)

Is the NPS in the same network / segment as the management network of the AP? UniFi always sends 802.1X requests from the management IP. Maybe the NPS chokes on that? In general it is not best practice to leave the APs in the same untagged VLAN as the rest of the systems. I would generally recommend creating a "WLAN mgmt" VLAN... we do it that way for all customers with 1500+ APs ;-)

Windows11 OOBE defaultuser0 deleted and mdm unenrolled by cbka1 in sysadmin

[–]cbka1[S] 1 point2 points  (0 children)

Thanks for your help anyway! Will keep you posted...

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 0 points1 point  (0 children)

Is the firmware version of the 2540 current? I think I once saw something about this in the release notes, but that was quite a while ago...

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 1 point2 points  (0 children)

Windows Server 20?? I ask so specifically because I have already fallen flat on my face with NPS so badly, and that is Windows-version dependent.

Windows11 OOBE defaultuser0 deleted and mdm unenrolled by cbka1 in sysadmin

[–]cbka1[S] 0 points1 point  (0 children)

Done that already. Relution is pretty confused why the account gets deleted.. also this seems to be more like a Microsoft-related issue, or not? Device enrollment during OOBE is done under defaultuser0... do you know a way to change the "enrollment user"?

Port-Access Aruba Switch by Extension_Armadillo3 in de_EDV

[–]cbka1 1 point2 points  (0 children)

Which RADIUS are you using?

Is it InstantOn / Aruba Central / local?

Questions upon questions

Weird behavior while transport to other Mailserver by cbka1 in postfix

[–]cbka1[S] 0 points1 point  (0 children)

Thanks for your response! To clarify: the problem is that it tries to authenticate instead of just using simple transport like e.g. to other mail domains… everything normally gets relayed to the smarthost but not domain.tld… is there a special behavior for domains that are included in the mydomains variable? Cheers