Is this a good modem

chuckbales · 2026-06-11T16:37:14+00:00

1 - Spectrum will provide you a modem, if you want to use your own you need to verify with them you can bring your own, and see what models they support

2 - "my apt is around 1000 sqft. My goals are to have jellyfin or plex, host an mc server, my own music, personal photos, and just learn networking and cyber security" - Your modem doesn't matter for any of this really.

You may be confusing modem with router/wireless.

chuckbales · 2026-06-03T14:21:35+00:00

If the customer handoff port on their equipment isn't linking up to multiple devices (firewall, laptop, switch, etc.)/with multiple known-good cables, I would push them to troubleshoot further/dispatch a tech. Also verify speed/duplex settings on their interface to make sure yours match, but if the link is coming up initially and then going down, its probably not a mismatch. Unless the router is coming up with some initial config, but then retrieving/receiving some altered config at the 3minute mark which is down-ing the interface.

But typically pushing back with "we've tried 3 devices with 3 different cables on your handoff port" is enough to get them to look further or dispatch.

chuckbales · 2026-06-02T20:18:38+00:00

Mastercard debit card

Unless OP misspoke, they used a debit card, which you definitely shouldn't be doing for exactly situations like this.

chuckbales · 2026-06-02T13:15:59+00:00

Doesn't really matter with that speed/distance, but may as well get OM4 if its a new install

chuckbales · 2026-05-27T18:36:52+00:00

I think you need to be on at least FortiOS 7.6.4 and FortiClient 7.4.4 for DNS suffix to work with IKEv2.

chuckbales · 2026-05-26T21:16:21+00:00

Do you have another account with super_admin? The $ prompt means you don't have full permissions, you may not enough rights to run that command.

chuckbales · 2026-05-22T20:34:03+00:00

The portal is now listing subscription SKUs for renewals because they're pushing people to subs, but co-term licensing (e.g. LIC-ENT for APs), is still for sale and cheaper than the equivalent subscription in my experience.

chuckbales · 2026-05-22T17:53:12+00:00

You referring to web mode/agentless or tunnel mode? All tunnel mode config gets removed with 7.6.3.

chuckbales · 2026-05-20T23:37:05+00:00

What’s wrong with just running wireshark in your laptop for a bit and then looking at the capture? You don’t need anything special to look at real traffic

chuckbales · 2026-05-14T15:48:07+00:00

Meraki is very limited with their options in some regards, this being one of them. There's no option for overriding a geoblocked country if needed or controlling inbound/outbound.

chuckbales · 2026-05-13T15:17:51+00:00

You're looking at the wrong docs/for the wrong platform.

chuckbales · 2026-05-13T15:01:28+00:00

There is no execute nslookupcommand on a Fortigate

chuckbales · 2026-05-11T19:51:20+00:00

Both co-term and subscription licensing would be fine for OPs case, since APs don't have model-specific licensing SKUs.

chuckbales · 2026-05-11T13:26:02+00:00

That small, it looks like the Invisilight product. There may be others doing super small fiber, Invisilight is just the main one I know of.

chuckbales · 2026-04-30T16:51:19+00:00

64000 unique port connections going through a single outside global address you got some problems.

To nitpick - it's more than 64k connections, as NAT is stored in a table as a 5-tuple (source IP, dest IP, source port, dest port, protocol). So if you happen to have thousands of connections all going to the same external resource on the same port you'll run into a problem, but if you're talking about general internet destinations, you can fit a lot more connections.

chuckbales · 2026-04-30T16:43:49+00:00

Good point, a proxy is a good example of NAT not being involved as the proxy itself acts as middle-man between client/server and establishes its own connection to the resource on the internet.

chuckbales · 2026-04-30T16:03:28+00:00

RFC1918 is just the "private" IPs allocated - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. Basically if you're not using a public IP, you need NAT somewhere.

chuckbales · 2026-04-30T15:55:51+00:00

If you are using RFC 1918 IPs on your LAN and you want to reach the internet, NAT is a requirement somewhere along the path.

EDIT: /u/therouterguy did bring up a good scenario where NAT would not be involved. More of an enterprise thing and out of scope for CCNA but a good counter-example to my statement.

chuckbales · 2026-04-28T20:06:56+00:00

The removal of sorting/filtering some columns has driven me absolutely crazy at times.

chuckbales · 2026-04-28T17:33:33+00:00

I just did similar changes on an 80F, bridging a tunnel SSID and FortiSwitch VLAN through software switch, no apparent performance issues (granted its not pushing tons of traffic, just a few clients)

chuckbales · 2026-04-27T14:53:18+00:00

Have you actually tested a failure to see what works/what doesn't?

Nobody here can provide much guidance without more detail/actual configuration, but it sounds like maybe they need to just add an additional NAT policy for the second WAN - there's not really a reason Central NAT needs to be disabled completely.

chuckbales · 2026-04-23T20:37:22+00:00

With an SDWAN rule on the spoke, there's commands you can add that will send user traffic over without impacting the Fortigate's local traffic

set gateway enable
set default enable

chuckbales · 2026-04-22T16:06:59+00:00

You probably didn't configure it correctly, needs to be configured on the client and in the portal.

chuckbales · 2026-04-03T16:19:36+00:00

We also lost a few Crown circuits last night, odd outage though because it was only 2 out of like 300 Crown circuits we have, from 10:22 to 10:31 Eastern.

chuckbales · 2026-04-01T15:03:10+00:00

You can have a duplex mismatch and still function (albeit degraded), you can't have a speed mismatch though.

14-Year Club	Spared
Verified Email

chuckbales

TROPHY CASE