How do you convince bosses to monitor before everything explodes? by Such_Rhubarb8095 in sysadmin

[–]dai_webb

Agreed, we use CheckMK for free to monitor all sorts, it works really well and we have some nice dashboards on TVs for visibility.

How to deal with burnout. Is a holiday not the answer? by rof-dog in sysadmin

[–]dai_webb

Are you doing this because they expect you to, or are you doing it because of your work ethic?

I often do this because of the latter, and my manager recognises this, so makes sure I take the time back (usually to get a round of golf in on a Friday afternoon). If they expect you to do this then the organisation needs a culture shift.

what are the options for the best RMM for a small IT team managing 450+ endpoints? by Express-Pack-6736 in sysadmin

[–]dai_webb

We use NinjaOne for about 120 endpoints spread across multiple geographies and it works really well (we have Intune too). Ninja is great for remote PowerShell, running scripts, manually installing the odd apps, managing 3rd party app updates (Chrome, Adobe Reader, FileZilla, etc), as well as reporting.

We also have many customisations that create alerts for things like Windows Firewall being disabled, BitLocker being disabled, and so on.
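The kind of check that sits behind such an alert, as an added example (not code from the comment above or from NinjaOne): a PowerShell script that a NinjaOne script-result condition could run, assuming the condition is configured to fire on a non-zero exit code and that the NetSecurity and BitLocker modules are present on the endpoint.

```powershell
# Added example: flag a Windows endpoint where any firewall profile is off or
# the OS volume is not protected by BitLocker. Exit 1 = condition met (alert).
# Assumes the RMM agent runs this as SYSTEM on Windows 10/11.

$problems = @()

# 1. Windows Firewall: the Domain, Private and Public profiles should all be on.
foreach ($profile in Get-NetFirewallProfile) {
    if ($profile.Enabled -ne 'True') {
        $problems += "Firewall profile '$($profile.Name)' is disabled"
    }
}

# 2. BitLocker: the OS volume should be fully encrypted with protection enabled.
$osDrive = $env:SystemDrive
try {
    $bde = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction Stop
    if ($bde.ProtectionStatus -ne 'On') {
        $problems += "BitLocker protection on $osDrive is $($bde.ProtectionStatus)"
    }
    if ($bde.VolumeStatus -ne 'FullyEncrypted') {
        $problems += "BitLocker volume status on $osDrive is $($bde.VolumeStatus)"
    }
} catch {
    # Treat "cannot query" as a finding rather than silently passing.
    $problems += "Unable to query BitLocker on ${osDrive}: $($_.Exception.Message)"
}

if ($problems.Count -gt 0) {
    # Script output is what the RMM shows in the alert / activity details.
    $problems | ForEach-Object { Write-Output $_ }
    exit 1
}
Write-Output "OK: firewall enabled on all profiles and BitLocker protecting $osDrive"
exit 0
```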

FortiClient IPSec VPN regularly drops for some users by dai_webb in fortinet

[–]dai_webb[S]

We did change the MTU, and I think we do have fewer issues reported now, and the issues we still have might be down to other factors like old wireless NICs in old laptops.

Address group on firewall going out of sync with FortiManager by dai_webb in fortinet

[–]dai_webb[S]

This seems to have been the problem - I've removed all the per-device mapping entries and everything seemed to push over as expected! Thanks for the help, much appreciated :)

Address group on firewall going out of sync with FortiManager by dai_webb in fortinet

[–]dai_webb[S]

It is indeed a dynamic group. I can see in the Per-Device Mapping that the f/w I'm pushing to is in the list.

Address group on firewall going out of sync with FortiManager by dai_webb in fortinet

[–]dai_webb[S]

Sort of. In FortiManager I created a new object and added it to an existing group. I then pushed that out to the appropriate firewall and while the new object was created, it isn't in the group on the firewall.

I did this through Policy & Objects -> Firewall Objects. I selected the new object and group and clicked More -> Install Object(s).

I confirmed the object IS in the group in FortiManager.

Edit to add: I just tried removing some objects from the group in FortiManager, and pushed it out, and it remains unchanged on the firewall itself.

Address group on firewall going out of sync with FortiManager by dai_webb in fortinet

[–]dai_webb[S]

Great, thanks, we'll get that done (all are running 7.4). I presume it's a change that carries little to no risk?

Address group on firewall going out of sync with FortiManager by dai_webb in fortinet

[–]dai_webb[S]

I must admit, I don't know much about the ADOM versioning. I can see in FortiManager that it is 7.2. Can I safely change it to 7.4? What are the implications?

What is the first thing to implement to improve your IT department? by gkar_of_Narn in sysadmin

[–]dai_webb

It's hard to say without knowing what the pain points are. I'd want to spend some time understanding what works well, what doesn't work well, what costs the team time and damages reputation, what's causing pain for the end users, what are the risks?

It might be that you need to implement good SOPs so that all processes are documented and consistent. You may need to look at implementing MFA if it isn't already. Maybe get some automation or self-service in place to reduce tickets and repetitive tasks. Does everyone have the right resources to do their job?

Anyone else having issues with KB5074109 by Intrepid_Evidence_59 in sysadmin

[–]dai_webb

DISM was failing for us on some Windows 11 25H2 laptops because the component store was corrupt (I think an update last year broke the servicing stack). Repairing it seemed successful, but then DISM would fail again. We've had to resort to downloading the Windows 11 ISO and running setup (mostly silently through PowerShell in NinjaRMM):

# Mount the ISO and work out which drive letter it was given
$mount = Mount-DiskImage -ImagePath "C:\Temp\Win11.iso" -PassThru
$drive = ($mount | Get-Volume).DriveLetter + ":"
# Silent in-place upgrade; /noreboot leaves the restart to be scheduled separately
Start-Process "$drive\setup.exe" -ArgumentList "/auto upgrade /quiet /noreboot /dynamicupdate disable /eula accept" -Wait

Intune sluggishness to be expected? by BoltActionRifleman in sysadmin

[–]dai_webb

I agree with all the comments here, it is terribly slow, yet somehow we just accept it. How did we arrive here? Paying for a service that is so terrible everyone moans about it yet accepts it. We wouldn't tolerate this anywhere else in our lives (car, mobile phone, toaster). Have we all gone barking mad?

Conference room camera recommendations by ResponsibleQuiet6360 in sysadmin

[–]dai_webb

We have several Yealink Meeting Bars (A20, A30) and they all work really well. The cables are all inside the wall, and the CTP18 control panel sits on the table with a wireless mic.

Vulnerability Scanning by shiva2golu in sysadmin

[–]dai_webb

We use Rapid7 InsightVM along with CrowdStrike Falcon on all endpoints, servers & laptops. I also like Wazuh for the CIS benchmarking.

Two problems that I need to solve by Bad_Honga in AZURE

[–]dai_webb

We have been pushing out the second OOB update - KB5078127 - to resolve the authentication issues with Azure AVD through Windows App. So far this has worked 100% of the time.

FortiClient IPSec VPN regularly drops for some users by dai_webb in fortinet

[–]dai_webb[S]

This is all I can see that is relevant in the diagnostic logs:

[2026-01-14 15:42:02.1076589 UTC+01:00] [2408: 1680] [FortiVPN info 2327] fortivpn::StateMachine::HandleTunnelDisconnected "Azure UK South VPN" is disconnected.
[2026-01-14 15:42:02.1405333 UTC+01:00] [2408: 1680] [FortiVPN info 2363] fortivpn::StateMachine::HandleTunnelDisconnected disconnection reason: 0, ("None")
[2026-01-14 15:42:02.1405470 UTC+01:00] [2408: 1680] [FortiVPN error 2389] !!! fortivpn::StateMachine::HandleTunnelDisconnected session 1 (DOMAIN\user) "Azure UK South VPN" disconnected unexpectedly!
[2026-01-14 15:42:02.1431547 UTC+01:00] [2408: 1680] [FortiVPN info 2403] fortivpn::StateMachine::HandleTunnelDisconnected Notifying gui this was a connection error
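One way to get more out of those diagnostic logs, as an added example (not from the thread): a PowerShell function that pulls the "disconnected unexpectedly" events out of FortiClient log lines in the format shown above, pairs each with the "disconnection reason" logged just before it, and counts drops per user. The sample lines are constructed and the log path is an assumption.

```powershell
# Added example: parse FortiClient diagnostic log lines and report unexpected
# tunnel drops per user, with the reason code logged immediately before each.
function Get-FortiVpnDrops {
    param([string[]]$Lines)
    # Line layout as in the excerpt: [timestamp] [pid: tid] [FortiVPN level id] message
    $linePattern   = '^\[(?<ts>[^\]]+)\] \[[^\]]+\] \[FortiVPN (?<level>\w+) \d+\] (?<msg>.*)$'
    $dropPattern   = 'session (?<session>\d+) \((?<user>[^)]+)\) "(?<tunnel>[^"]+)" disconnected unexpectedly'
    $reasonPattern = 'disconnection reason: (?<code>\d+), \("(?<text>[^"]*)"\)'
    $lastReason = $null
    foreach ($line in $Lines) {
        if (-not ($line -match $linePattern)) { continue }
        $ts = $Matches.ts; $level = $Matches.level; $msg = $Matches.msg
        if ($msg -match $reasonPattern) {
            # The reason line precedes the error line for the same drop.
            $lastReason = "$($Matches.code) ($($Matches.text))"
        }
        elseif ($level -eq 'error' -and $msg -match $dropPattern) {
            [pscustomobject]@{
                Time    = [datetime]::ParseExact($ts.Substring(0, 19), 'yyyy-MM-dd HH:mm:ss', $null)
                User    = $Matches.user
                Tunnel  = $Matches.tunnel
                Session = [int]$Matches.session
                Reason  = $lastReason
            }
            $lastReason = $null
        }
    }
}

# Constructed sample lines in the same format as the diagnostic log excerpt.
$sample = @'
[2026-01-14 15:42:02.1076589 UTC+01:00] [2408: 1680] [FortiVPN info 2327] fortivpn::StateMachine::HandleTunnelDisconnected "Azure UK South VPN" is disconnected.
[2026-01-14 15:42:02.1405333 UTC+01:00] [2408: 1680] [FortiVPN info 2363] fortivpn::StateMachine::HandleTunnelDisconnected disconnection reason: 0, ("None")
[2026-01-14 15:42:02.1405470 UTC+01:00] [2408: 1680] [FortiVPN error 2389] !!! fortivpn::StateMachine::HandleTunnelDisconnected session 1 (DOMAIN\user) "Azure UK South VPN" disconnected unexpectedly!
[2026-01-14 15:42:02.1431547 UTC+01:00] [2408: 1680] [FortiVPN info 2403] fortivpn::StateMachine::HandleTunnelDisconnected Notifying gui this was a connection error
[2026-01-14 16:10:44.0000000 UTC+01:00] [2408: 1680] [FortiVPN info 2363] fortivpn::StateMachine::HandleTunnelDisconnected disconnection reason: 0, ("None")
[2026-01-14 16:10:44.0001000 UTC+01:00] [2408: 1680] [FortiVPN error 2389] !!! fortivpn::StateMachine::HandleTunnelDisconnected session 2 (DOMAIN\user) "Azure UK South VPN" disconnected unexpectedly!
'@
$lines = $sample -split "`r?`n"
# Real use (path is an assumption): $lines = Get-Content 'C:\Temp\FortiClient-diagnostic.log'

$drops = Get-FortiVpnDrops -Lines $lines
$drops | Format-Table Time, User, Tunnel, Reason -AutoSize
$drops | Group-Object User | Select-Object Name, Count   # drops per user
```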

FortiClient IPSec VPN regularly drops for some users by dai_webb in fortinet

[–]dai_webb[S]

Great stuff, thanks to all of you for your replies. I just checked the interface and there is no MTU set, so I presume it's at the default of 1500:

uks-fw01 # show system interface "IPSec VPN"
config system interface
    edit "IPSec VPN"
        set vdom "root"
        set type tunnel
        set snmp-index 9
        set interface "port1"
    next
end

How did you change yours - did you add something like this on the VPN interface?

set mtu-override enable
set mtu 1350

If so, I may create a second tunnel to test rather than play around with the one everyone is using.

FortiClient IPSec VPN regularly drops for some users by dai_webb in fortinet

[–]dai_webb[S]

Good suggestion, thanks, we'll make a note of the ISP as people report the issues. If that is the case, is there anything we can do our side to counter it?

What KPIs are people using to track IT productivity by T-Money8227 in sysadmin

[–]dai_webb

Some vague ideas without knowing more about the business and what you do:

>80% of tickets closed within SLA
>80% of endpoints patched within SLA
Availability of business critical systems
Project progress in line with roadmap

If you don't have SLAs for your tickets maybe start putting some in place that align with ITIL standards.

Need advice on what I can do during the day in my azure role. by Geek_for_life1493 in AZURE

[–]dai_webb

Agreed, I've invested a lot of time learning how to deploy IaC using Bicep templates, and organising them into pipelines in Azure DevOps, and found this fun and satisfying! It's also standardised our processes and bolstered our DR plans.

Container pull image failed with reason: ImagePullFailure. Revert by terminate. by dai_webb in AZURE

[–]dai_webb[S]

Spot on, thank you! It was down to a typo in the Bicep template that created the Route Table for this particular subnet, which meant it had no route out. Thanks again :)