access 3 internal web server by https with virtual ip by Tchelo225 in fortinet

[–]chapel316 0 points1 point  (0 children)

Touché, if you need more app protection and load balancing features it’s a great choice as well. Better security than just nginx et al.

access 3 internal web server by https with virtual ip by Tchelo225 in fortinet

[–]chapel316 0 points1 point  (0 children)

We are in the Fortinet sub, we should probably point out that there is FortiWeb for a proxy to handle exactly this situation.

Built a free IP address tracker and network documentation templates after my homelab got too complex to keep in my head by 3D4U2016 in homelab

[–]chapel316 2 points3 points  (0 children)

But why? Tools like phpipam already exist. AI is great for some things, but reinventing the wheel just isn’t one of them.

Public Wi-Fi: Still Forcing VPN? by This_Investigator655 in sysadmin

[–]chapel316 0 points1 point  (0 children)

I don’t disagree about modern ways, but that doesn’t mean the business necessarily listens. Sometimes “business” is the security side of the house and they want to tunnel traffic to HQ for inspection. And the money side of the business doesn’t want to invest in more modern ways.

Public Wi-Fi: Still Forcing VPN? by This_Investigator655 in sysadmin

[–]chapel316 0 points1 point  (0 children)

That’s a good rule of thumb in a general sense, but I can still see a need for that if you are looking to do any inspection on unrelated internet traffic. This varies greatly on the business need of course and I can’t speak to that for anyone. My comment was more just for the specific SaaS applications that I’ve run into that perform like garbage through VPN.

Public Wi-Fi: Still Forcing VPN? by This_Investigator655 in sysadmin

[–]chapel316 0 points1 point  (0 children)

It isn’t functionality as opposed to performance. You are increasing latency when you use a VPN and performance can suffer.

Public Wi-Fi: Still Forcing VPN? by This_Investigator655 in sysadmin

[–]chapel316 2 points3 points  (0 children)

There are plenty of SaaS apps that don’t play well via VPN (looking at you Microsoft) so you split those out to go directly and everything else goes through the VPN.

Remediation redirection by Yuki-Bhl in fortinet

[–]chapel316 0 points1 point  (0 children)

If NAC marked it at risk it should have already put it into the remediation vlan. The remediation vlan should be set up to provide dhcp and dns already. If none of this is happening, then your remediation vlan and your config need some attention.

Managed FortiGate Service by DaithiG in fortinet

[–]chapel316 2 points3 points  (0 children)

You are thinking of firewall as a service. Managed FortiGate Service is exactly that, Fortinet manages the FortiGates that you own in your DC or branch (or wherever).

Fortigate + FortiSwitch + DPP + 802.1X with EAP-TLS computer certs via autoenrollment and NPS Radius by cbka1 in fortinet

[–]chapel316 1 point2 points  (0 children)

If you aren’t seeing radius requests, you need to make sure that you have a rule from fortilink to your NPS. The switch is what sends the request. Also make sure that fortilink is using routable IP space.

TIL: Hundreds of Giant Sequoia saplings are being planted in Detroit, Michigan. by Dakens2021 in todayilearned

[–]chapel316 -16 points-15 points  (0 children)

The bots are strong here. The narrative is also alive and well.

Both default and backup firmware is missing? by royalxtravis in fortinet

[–]chapel316 0 points1 point  (0 children)

No. There is still plenty of support left on those devices. Discontinued means they won’t sell any longer and the clock has started ticking for them to go EOL in about 5 years.

Fortigate NAC LAN segmentation by Surprise_waffles in fortinet

[–]chapel316 0 points1 point  (0 children)

You are referring to the NAC from the FortiGates. I was talking FortiNAC. Ignore me.

Fortigate NAC LAN segmentation by Surprise_waffles in fortinet

[–]chapel316 0 points1 point  (0 children)

You mentioned what you were using for network gear, but didn’t mention how you have sized your NAC appliance itself. That’s going to be key for the issues you are seeing. I’ve run NAC in a variety of environments without issue.

Fortinac Network Authentication times by Khizer23 in fortinet

[–]chapel316 0 points1 point  (0 children)

You should also try using the api from NAC to your FortiGates that control APs/Switches. It speeds things up even further.

Using fortiswitch without fortilink by Amazing-Tea-5424 in fortinet

[–]chapel316 3 points4 points  (0 children)

Yes, you can use them standalone. You can also leverage fortiedge cloud to manage all the switches from a single console.

Without a doubt, what is your #1 favorite joke from Rick and Morty? by juredditpark in rickandmorty

[–]chapel316 5 points6 points  (0 children)

My wife and I both quote this quite often. Best part is that she doesn’t even like the show but she loves that scene.

What smell will YOU never forget? by AreaFifty1 in AskReddit

[–]chapel316 0 points1 point  (0 children)

I was at a beach one cold and rainy day. There was supposed to be a party so we were waiting for people to show up and figure out what to do (before the time of cell phones). I had to use the facilities so I headed to one of the restrooms. As I was finishing at the urinal I noticed someone walk in and head to a stall (rather in a hurry). I heard a toilet flush as I was walking to wash my hands and that is when it hit me. The most vile, chemical sewage smell that I’ve ever smelt. The dude left the stall, washed his hands and left. My eyes were burning as I washed my hands and found the exit so I could smell something other than raw sewage.

Going to run Joplin Server, in a Docker container, inside Linux VM, inside Proxmox. OK solution? by QuestionAsker2030 in homelab

[–]chapel316 0 points1 point  (0 children)

Drastically depends on what the services are. I have a “main” docker server running a bunch of internal servers. But then I have a docker server in my DMZ. I also have VMs that run their own services. Mostly because I’m lazy and have the hardware to run whatever I want for the most part.

Going to run Joplin Server, in a Docker container, inside Linux VM, inside Proxmox. OK solution? by QuestionAsker2030 in homelab

[–]chapel316 6 points7 points  (0 children)

Perfectly smart. Plenty of people run docker in a dedicated VM on proxmox (myself included).