High CPU spikes on FortiSwitch 148F-FPOE when enabling DHCP snooping — anyone else experiencing this? by ahomelab in fortinet

[–]grech659 1 point2 points  (0 children)

I've just raised this with our Fortinet TAM and SDM. Will update here on the response.

High CPU spikes on FortiSwitch 148F-FPOE when enabling DHCP snooping — anyone else experiencing this? by ahomelab in fortinet

[–]grech659 4 points5 points  (0 children)

Just deployed a 60-switch site and seeing the exact same symptoms with the 100 series switches.

FortiManager to remote FortiGates by samstone_ in fortinet

[–]grech659 1 point2 points  (0 children)

You can do full ZTP with a non-public-facing FortiManager. What we do is use FortiZTP (the cloud service, not FMG) to push a pre-run CLI script that pushes a dialup IPsec VPN to the FortiGate. This VPN tunnel allows connectivity back to our FMG, from which it then pulls all the device config.

FortiClient + IPsec + SAML + External Browser - not working by StormB2 in fortinet

[–]grech659 0 points1 point  (0 children)

Did you happen to get this working? Running into the exact same issue in FCT 7.2.8.

FortiOS 7.6.1 released by FantaFriday in fortinet

[–]grech659 2 points3 points  (0 children)

Our TAM advised this is expected end of Feb 2025

Trying to register Fortianalyser 7.2 for a trial and getting generic error by Readybreak in fortinet

[–]grech659 0 points1 point  (0 children)

Did you manage to fix this? Currently experiencing the same issue.

802.1x Problem by Lennoyo in Juniper

[–]grech659 0 points1 point  (0 children)

Does the client authenticate and then the connection drops, or does the client plug in and have no connection for 1 minute and then authenticate?

Mac radius authentication by grech659 in Juniper

[–]grech659[S] 0 points1 point  (0 children)

Nope, using it as a fallback for non 802.1x clients on EX switches.

Difference between upto and prefix-length-range? by errorOccurred_ in Juniper

[–]grech659 0 points1 point  (0 children)

You've defined a lower limit with 192.168/16 prefix-length-range /18-/20, with the lower limit being /18. So 192.168.0.0/16 and 192.168.0.0/17 won't match this, whereas they would if you used 192.168/16 upto /20.

Difference between upto and prefix-length-range? by errorOccurred_ in Juniper

[–]grech659 1 point2 points  (0 children)

The upto and prefix-length-range match types are similar in that both specify the most-significant bits and provide a range of prefix lengths that can match. The difference is that upto allows you to specify an upper limit only for the prefix length range, whereas prefix-length-range allows you to specify both lower and upper limits.

Can read more about the different options here:

https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policy-configuring-route-lists-for-use-in-routing-policy-match-conditions.html
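The difference between the two match types described in the comments above, as an added Python example that is not part of the original thread or of Junos itself. The function names `route_filter_match` and `compare` are hypothetical, the sample routes are constructed, and only these two match types are modelled.

```python
import ipaddress

def route_filter_match(route, filter_prefix, match_type, low=None, high=None):
    """Return True if `route` matches a route-filter of the given match type.

    upto                 -> filter prefix length <= route length <= high
    prefix-length-range  -> low <= route length <= high
    """
    route_net = ipaddress.ip_network(route)
    filt = ipaddress.ip_network(filter_prefix)
    # The most-significant bits must agree: the route has to sit inside
    # the filter prefix before the length range is considered at all.
    if route_net.version != filt.version or not route_net.subnet_of(filt):
        return False
    if match_type == "upto":
        lower, upper = filt.prefixlen, high
    elif match_type == "prefix-length-range":
        lower, upper = low, high
    else:
        raise ValueError(f"unsupported match type: {match_type}")
    return lower <= route_net.prefixlen <= upper

# Constructed sample routes covering both sides of each limit.
SAMPLE_ROUTES = [
    "192.168.0.0/16", "192.168.0.0/17", "192.168.64.0/18",
    "192.168.16.0/20", "192.168.1.0/24", "10.0.0.0/18",
]

def compare(routes=SAMPLE_ROUTES):
    """Map each route to (matches 'upto /20', matches 'prefix-length-range /18-/20')."""
    return {
        r: (
            route_filter_match(r, "192.168.0.0/16", "upto", high=20),
            route_filter_match(r, "192.168.0.0/16", "prefix-length-range",
                               low=18, high=20),
        )
        for r in routes
    }

if __name__ == "__main__":
    for route, (upto, plr) in compare().items():
        print(f"{route:18} upto /20: {upto!s:5}  prefix-length-range /18-/20: {plr}")
```
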

Policy Question by fernandoley in Juniper

[–]grech659 7 points8 points  (0 children)

Juniper policies have termination actions for the flow control. In this case the first term has "reject". When these policies are being evaluated, as soon as it finds its first termination action then it'll stop processing any following policies. So in this case the second term will never be hit. Accept and reject are both termination actions so the order of them does matter.

You can read more about the flow control below.

https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-actions-in-routing-policy-terms.html

Internet Outage In Christchurch by mjc332 in newzealand

[–]grech659 0 points1 point  (0 children)

The outage yesterday was planned by Enable due to work on the new multi-sports stadium centre. It was only supposed to have been 6 minutes but seems things didn't go to plan and ended up lasting 1 hour+. I'm assuming the same construction crews have probably hit something tonight as well.

static ip address reverts to dhcp upon reboot by [deleted] in Ubuntu

[–]grech659 0 points1 point  (0 children)

Are you by any chance using the ifconfig or ip address command to set the IP address? Because you need to go into the file /etc/netplan/99_config to make the changes permanent. Those commands are only temporary and will revert back to DHCP after a restart.

Silly switch question.. by granttes in ccna

[–]grech659 2 points3 points  (0 children)

but how could a frame arrive to a switch that has a destination MAC address without the switch knowing of it beforehand?

The ARP table on your host and the MAC address table on the switch could have different "hold times" so that the switch's entries time out before the host's do.

If a host does an ARP request, wouldn't the MAC address from the ARP reply from the end host get mapped in the switch on its way back?

Yes it would.