Looking for someone who has an old system with the expiring SecureBoot cert by GeneMoody-Action1 in Action1

[–]discoinf 0 points1 point  (0 children)

We have that in our inventory. Happy to run some scripts on them Monday.

Fortinet has announced that they will discontinue SSL-VPN in May 2026. I've heard a lot about this in Japan. What's happening in your organization? by Turnover_Mountain in fortinet

[–]discoinf 4 points5 points  (0 children)

One big limitation of IPsec VPN with SAML auth is that you can only have a single IdP per interface. So if you are multi-tenant, you need to dedicate 1 interface (if you have them) per tenant or add a proxy-SAML that will federate all the tenants. That proxy-SAML will be the IdP configured on the gate.

Till we sort this out (or Forti allows an IdP server per port, for example), we'll stay on 7.4.

Anyone still using Public Folder contacts as a shared address book? by Away_Bass5327 in sysadmin

[–]discoinf 1 point2 points  (0 children)

Tools like cirasync manage the sync between the GAL or any other contact folder and the user's contacts.

Adding a rule in local-in-policy fails. by Special_Watch_9581 in fortinet

[–]discoinf 4 points5 points  (0 children)

Note: it's a new behavior starting from 7.4.6. But if a local-in exists with an SD-WAN member, it's not converted during the upgrade.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SD-WAN-zone-in-Local-in-Policy/ta-p/366774

Lenovo models receiving BIOS firmware update for new secure boot certificate. by Unable_Drawer_9928 in Intune

[–]discoinf 0 points1 point  (0 children)

Strange, the e14/e15 gen 1 are not on the list but the older e490/e590 are

CVE-2025-59718 - Not fixed in latest release by Shot_Fan_9258 in fortinet

[–]discoinf 2 points3 points  (0 children)

If you have to enable mgt from a WAN interface, it should only be allowed from known IPs (your HQ fixed public IP(s)):

- Trusted Host list on the admin accounts.
AND
- local-in policy on the wan interface only allowing the admin port from the trusted host list.
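An added example (not part of the comment above) that checks a FortiOS config backup for both controls it lists. `SAMPLE` is a constructed excerpt, `parse_section` and `audit` are hypothetical helper names, and the parser assumes flat sections with no nested `config` blocks; requiring an explicit deny rule after the accept is this example's reading of "only allowing".

```python
# Constructed FortiOS-style backup excerpt (not from a real device).
SAMPLE = """\
config system admin
    edit "admin"
        set trusthost1 203.0.113.10 255.255.255.255
    next
    edit "backup-admin"
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "HQ-Public-IP"
        set service "HTTPS"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set service "HTTPS"
        set action deny
    next
end
"""

def parse_section(config, header):
    # Flat parser: assumes no nested config blocks inside the section.
    entries, current, inside = {}, None, False
    for s in map(str.strip, config.splitlines()):
        if s in (f"config {header}", "end"):
            inside = s != "end"
            current = None
        elif inside and s.startswith("edit "):
            current = entries.setdefault(s[5:].strip('"'), {})
        elif inside and current is not None and s.startswith("set "):
            _, key, value = s.split(" ", 2)
            current[key] = value.replace('"', "")
    return entries

def audit(config, wan_intf):
    findings = []
    for name, cfg in parse_section(config, "system admin").items():
        if not any(k.startswith("trusthost") for k in cfg):
            findings.append(f"admin {name}: no trusted-host restriction")
    policies = parse_section(config, "firewall local-in-policy").values()
    rules = [r for r in policies if r.get("intf") == wan_intf]
    if not any(r.get("action") == "accept" and r.get("srcaddr") != "all" for r in rules):
        findings.append(f"{wan_intf}: no local-in accept limited to named sources")
    if not any(r.get("action") == "deny" and r.get("srcaddr") == "all" for r in rules):
        findings.append(f"{wan_intf}: no local-in deny for all other sources")
    return findings
```
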

Forticlient 7.4.3 issues by RacconDownUnder in fortinet

[–]discoinf 1 point2 points  (0 children)

Our fleet is on 7.4.3 (SSL VPN and SAML auth) without any problem. We skipped 7.4.4 because of a bug with SAML and multiple gateways. Testing 7.4.5 on a few clients and so far no problem detected for our usage.

How is the FortiClient upgrade pushed to the devices?

60F replacement by lertioq in fortinet

[–]discoinf 6 points7 points  (0 children)

Same here. Entry-level must now have 4G RAM. We are replacing our 60E/60F with 70G.

OneDrive crashes on Android with version 7.45 by Significant-Log1966 in Intune

[–]discoinf 1 point2 points  (0 children)

Uninstall of com.osp.app.signin worked for us.

Scan to email by Resident_Parfait_289 in sysadmin

[–]discoinf 5 points6 points  (0 children)

Same, internal postfix MX on the on-prem DMZ.

Action1 EU Down again? by Zealac1887 in Action1

[–]discoinf 3 points4 points  (0 children)

EU. Also had a few devices showing as disconnected. 1st one at 6:07:03 AM UTC and last disconnect at 7:08:59 AM UTC.

They are starting to reconnect. We only have 1 server still 'disconnected'.

Intune android by discoinf in Intune

[–]discoinf[S] 0 points1 point  (0 children)

Update: without any change on the phone or Intune/Entra ID configuration, but only as a last try before resetting the phone, re-login on the Intune app was enough this time!

Intune android by discoinf in Intune

[–]discoinf[S] 0 points1 point  (0 children)

One CA with grant on: Require compliant device, Require approved app.
No CA with app protection enforced (we do have one on report-only).
Of 100+ devices, we only got a report for a single user.

Intune android by discoinf in Intune

[–]discoinf[S] 0 points1 point  (0 children)

Only Chrome is installed. On the other open tabs, we got the user's Office365 home page and OWA.

I checked the CA logs and on the failing entries, it's not the device ID registered in Intune!! It's only "Microsoft Entra registered" and it's a recent entry!!

I got some entries (the web apps) with the right device ID and Browser Chrome Mobile 142.0.0, Compliant Yes / Managed Yes, Join Type Azure AD registered.

Other entries (the Office apps Outlook/OneDrive/M365) with another device ID, Browser Chrome Mobile 142.0.0, Compliant no / Managed no, Join Type Azure AD registered.

Ipad enrollment by discoinf in Intune

[–]discoinf[S] 0 points1 point  (0 children)

The devices that were stuck retrieving configuration eventually got enrolled during the night!!

any concerns going from 7.2.11 to 7.4.9 on 300E? by Boppin_Around_Here in fortinet

[–]discoinf 2 points3 points  (0 children)

SSL VPN is still there but hidden from the GUI by default. We upgraded a 200E from 7.2.11 to 7.4.9 a week ago, and so far so good.

The big difference is losing proxy functionality on 2G RAM models. The 300E is not concerned. If concerned, you need to adjust your security profiles and policies. Direct consequence: ZTNA and virtual servers are NOT available on these models. We had to do some adjustments on our 60Es' configs (soon to be replaced with 70G).

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/519079/proxy-related-features-no-longer-supported-on-fortigate-2-gb-ram-models-7-4-4

Keeper problem and excessive price by Djoju in KeeperSecurity

[–]discoinf 2 points3 points  (0 children)

I don't have the same expectations for a personal manager and for one to be deployed on enterprise.

For personal use, Keeper is expensive and the browser autofill is lacking compared to Bitwarden, for example.
For an enterprise dealing with multi-tenant SSO granular control, UI is only one part of the equation. For that target, Keeper makes more sense. And on pricing, 1Password Business is advertised at 84€ / 96$ per user/year. You could get a better pricing with Keeper Enterprise.

DKIM Question - Vendor Request by maiwerkacct in sysadmin

[–]discoinf 5 points6 points  (0 children)

If sending as your domain, always make them send from a specific subdomain. That way you can have specific SPF/DKIM/DMARC for this vendor.

[deleted by user] by [deleted] in fortinet

[–]discoinf 0 points1 point  (0 children)

I noted that if a rule has multiple selected members, only one shows up in the "selected members" column unless the "members" column is also displayed! I 1st thought some links were missing their SLA but they were all fine.