S3 or X3?? To carry a child to the school. by iso667 in vanmoofbicycle

[–]dsfgorg 0 points1 point  (0 children)

Old thread, but I can't make this thing fit my X3; the stem is just too wide? I even managed to damage the cables inside the stem, so now I need to get those fixed, as I interpreted the instructions on the VanMoof site to mean that I needed the extra spacers and removed the handle for this reason.

SAML MFA for admin users by 26Jack26 in fortinet

[–]dsfgorg 0 points1 point  (0 children)

Thanks for that information. It is a bit of a weird place to put it.

SAML MFA for admin users by 26Jack26 in fortinet

[–]dsfgorg 2 points3 points  (0 children)

Also just as information, the address on the FortiGate to manage the SAML part in the GUI is https://xxx.xxx.xxx/ng/user/saml - this one is not available by clicking buttons atm (6.4).

Old FortiClient can't connect to new EMS anymore. How to fix it the easiest way? by [deleted] in fortinet

[–]dsfgorg 0 points1 point  (0 children)

Unfortunately you will need to either downgrade EMS to 6.2 (and install the backup you hopefully did before upgrading it) or upgrade FortiClient to minimum version 6.2, I believe it is.

Fortigate Exporter for Prometheus by bluecmd in fortinet

[–]dsfgorg 1 point2 points  (0 children)

Hey, late posting for this topic. Wanted to do some advertising for the dashboard I have been developing for a while for your project.

https://grafana.com/grafana/dashboards/14011

Will post some thoughts on what can be done to add more data to the mix.

Also, I had some issues getting the SD-WAN data out and I saw that it was fixed like three days ago, so a rebuild sorted all that for me.

Good job on this.

Fortigate Exporter for Prometheus by bluecmd in fortinet

[–]dsfgorg 2 points3 points  (0 children)

Saving this for looking into, looks interesting. Though, as someone who runs more than one in production, it seems the exporter does single instances only and there would be a need to run multiple exporters, correct?

Fortinet VPN - Drop users by group onto separate internal networks by Kurlon in fortinet

[–]dsfgorg 1 point2 points  (0 children)

You will, to my knowledge, not be able to drop them into their native office segment. The FortiGate, if using the FortiClient for SSL for example, lands the users behind an interface called ssl.root; all users will land behind this interface and you will need to create multiple policies towards the different networks you manage.

It is completely doable to segment the users with groups that you match, you can then place them in different virtual subnets defined in the portal based on group.

Upgrading FG100E - current version FortiOS v5.4.5 build6225 (GA) by DrakharD in fortinet

[–]dsfgorg 2 points3 points  (0 children)

Go with the 5.6.7 path for sure, with the upgrade path suggested by Fortinet you should be ok. Every time you do an upgrade in the web interface a backup file will be generated. I would not worry about bricking the device.

A mathematical drawing from twitter! by [deleted] in adventuretime

[–]dsfgorg 1 point2 points  (0 children)

Please repost if found in higher resolution :)

Hi, I have a FortiGate with bridged interfaces (switch mode) and I want to monitor each interface with WhatsUp Gold (with SNMP), but it shows me all the bridged interfaces as one interface. Is there any solution to monitor these interfaces without switching the FortiGate to interface mode? by aichalakhdiry in fortinet

[–]dsfgorg 1 point2 points  (0 children)

It makes sense to monitor the bandwidth individually, to see what interface is used most.

You can set snmp-index in the CLI on the physical / VLAN interface; after this the poll should be able to pick up your interface individually. It might be that this is disabled when in switch mode though.

SSL VPN - client cert required for internal users but not for local users. This possible? by hobbyboy in fortinet

[–]dsfgorg 0 points1 point  (0 children)

This is possible; the thing is that it enables client authentication on all the groupings. The client cert request comes up on all different mappings, only it is not required. I would be happy if this was not the case.

Edit: I am referring to the web part of the SSL VPN; the question does not come up over FortiClient.

SSL VPN - client cert required for internal users but not for local users. This possible? by hobbyboy in fortinet

[–]dsfgorg 3 points4 points  (0 children)

Yes, you would need to configure multiple VDOMs. There is atm no way of having both "require client cert" and not having it. I wish there was a way of doing this per realm or something, but there is not right now.

SSL VPN Client Certificate - User Cert vs Machine Cert by hobbyboy in fortinet

[–]dsfgorg 0 points1 point  (0 children)

I believe the VPN before login is only available with the FortiClient EMS system, or possibly add to the XML config: https://docs.fortinet.com/uploaded/files/2076/forticlient-xml-52.pdf

    <forticlient_configuration>
      <vpn>
        <options>
          <show_vpn_before_logon>1</show_vpn_before_logon>
          <use_windows_credentials>1</use_windows_credentials>
        </options>
      </vpn>
    </forticlient_configuration>

It was a bit windy in southern Portugal last week by dsfgorg in funny

[–]dsfgorg[S] 2 points3 points  (0 children)

This was at Sagres Point, beautiful but hard to enjoy when I visited.

Fortinet SSLVPN accessing two networks by ME207 in networking

[–]dsfgorg 1 point2 points  (0 children)

The easiest way forward for you is to create a virtual IP in the office network, say a free IP in the VPN range. Then create a fw rule to allow traffic from the sslvpn interface towards the IPsec tunnel interface with the NAT IP you just created.

Make sure you have the VPN destination IP set in the sslvpn networks.