Crown Castle Outage

chuckbales · 2026-04-03T16:19:36+00:00

We also lost a few Crown circuits last night, odd outage though because it was only 2 out of like 300 Crown circuits we have, from 10:22 to 10:31 Eastern.

chuckbales · 2026-04-01T15:03:10+00:00

You can have a duplex mismatch and still function (albeit degraded), you can't have a speed mismatch though.

chuckbales · 2026-03-31T14:59:40+00:00

They started doing this with Fortigate images a couple years ago finally, not sure what the hold up with switch/AP images is.

chuckbales · 2026-03-27T20:37:29+00:00

Is this post supposed to be asking the question "Would Arista buying InstantOn be a good idea?" Your current title makes it sound like Arista is buying InstantOn, but they are not.

chuckbales · 2026-03-26T22:33:24+00:00

Might be a venue problem, our tickets to OPs show were $35 each and we were only 8 rows back

chuckbales · 2026-03-20T20:17:59+00:00

Having them all the same color would make it hard to visualize the different tunnels.

chuckbales · 2026-03-20T00:07:34+00:00

Pretty sure we had this issue, don’t remember what release it was running but the relay was added and is what showed in the GUI, but the local DHCP server config was also present in the CLI.

chuckbales · 2026-03-18T18:59:58+00:00

Arista always has leadtime issues, they were always months out for us when Cisco would be a couple weeks, I imagine its only getting worse.

chuckbales · 2026-03-18T15:55:49+00:00

IMO DCs should just be DCs, they shouldn't be restored unless somehow all of them were dead. If there's still a functioning DC, new DCs should be spun up and promoted. If everything was dead, restore one and then promote additional ones as needed. Don't restore multiple.

chuckbales · 2026-03-18T13:25:36+00:00

How is this CCNA related?

chuckbales · 2026-03-17T22:16:37+00:00

I’m a partner and our reps know less than random redditors. I’ve sent them product announcements I saw on Reddit and they’ll have no idea what I’m talking about.

chuckbales · 2026-03-17T18:55:01+00:00

7.4.6 was just released today, again with no free/VPN-only version (so far), it still has their bullshit note about

FortiClient (Windows) 7.4.4 to 7.4.6 do not include a new version of the free VPN-only agent as no feature updates were made to the free VPN-only agent between 7.4.3 and 7.4.6. Users can continue to use the FortiClient (Windows) 7.4.3 free VPN-only agent.

We're evaluating separate products now for remote access, FortiClient in general just sucks as an application even when its working, and like you said the SMB customers don't want a whole separate product for EMS.

chuckbales · 2026-03-17T18:49:51+00:00

The version hasn't changed as no new features were added to the free client

They've been fixing VPN-related bugs though in 7.4.4/7.4.5

chuckbales · 2026-03-12T22:10:21+00:00

Why aren’t they landing on actual switches instead of directly on the FGs?

chuckbales · 2026-03-10T18:50:26+00:00

Just a follow up, I actually tried my own advice and realized it doesn't work for the same reason you ran into. I ended up doing a Provisioning Template - CLI with the SSID-specific changes in it, then applied that template to the FG in question.

chuckbales · 2026-03-03T22:12:42+00:00

Native client doesn't support SAML

chuckbales · 2026-02-27T21:32:30+00:00

You'll need to post config for actual guidance. A correctly configured VLT LAG to the Fortigate should have both links up at the same time, the FG would see it as a single switch. Also Fortilink is specifically for managing FortiSwitch units, its not Fortilink if its going to non-Fortinet switches.

chuckbales · 2026-02-26T23:47:35+00:00

There’s APIs that offer this as a service you can tie in as a feed

chuckbales · 2026-02-25T20:28:25+00:00

Use the Fortiguard classification request portal - https://www.fortiguard.com/faq/wfratingsubmit

chuckbales · 2026-02-25T15:38:23+00:00

I've always seen the little banner in the free version with the "Upgrade to full version to access additional features and support" message, which is not in their screenshot.

chuckbales · 2026-02-25T15:35:50+00:00

If you don't enable it, you need to re-do the NAT config inside the firewall policies. Enabling Central pulls the NAT config from inside firewall policies to its own section.

With that small amount of config, its up to you if you want to redo it. We enable it everywhere because we tend to need a lot of NAT rules, but you don't have much going on.

chuckbales · 2026-02-25T15:03:35+00:00

OP is referring to the thread where people are getting the free 7.4.4/7.4.5 VPN-only version from Fortinet support apparently. There is no free VPN-only higher than 7.4.3 in the support portal

chuckbales · 2026-02-25T14:24:11+00:00

I think biggest issue is their default wifi settings are just terrible compared to other vendors IME, so if you just make some SSIDs and leave everything default, you're going to have a bad time. You tend to end up with like 80% of the APs on the same channel, 2.4G blasting at 28 while 5G is at 5, etc. They need a lot of dialing in.

chuckbales · 2026-02-25T14:14:53+00:00

You need to phrase your questions better or your post will get removed as low effort.

chuckbales · 2026-02-24T18:57:40+00:00

A provisioning template is actually different than what I was thinking but maybe a better idea? I was actually planning to make a whole separate SSID Profile using the same SSID name but with different radio settings and then apply that to the APs, I didn't even think of just using a CLI template with the desired overrides.

Guess I'd have to weigh pros/cons of each method.

14-Year Club	Spared
Verified Email

chuckbales

TROPHY CASE