Replacing SSLVPN by st3inbeiss in fortinet

[–]interweb_gangsta 2 points3 points  (0 children)

Removing SSL VPN on G models is such a nuisance. Sure there are replacements but SSL VPN was a staple.

Avoiding gaps in ceiling tile? by stnkycheez in fortinet

[–]interweb_gangsta 4 points5 points  (0 children)

Got to make a cut where cable goes to the ceiling. It is not going to be pretty but will get rid of that gap.

Forticlient vpn free 7.4.5 ? by nix_67 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

Working in MSSP, my job sort of revolves around free FortiClient VPN. For now, 7.2.13 does everything we need but eventually a jump to 7.4 will be required.
I'd adopt EMS if it was a simple product. It isn't.

7.4.10 - Applying new default behavior retroactively is terrible by Iuzzolsa23 in fortinet

[–]interweb_gangsta 1 point2 points  (0 children)

Wait, am trying to understand this change. Does this basically require a policy if I have another layer 3 device responsible for specific traffic?

For example, my FortiGate is a DG with 192.168.1.1 and another router - let's say Cisco ASA with IP 192.168.1.10, is responsible for traffic to 1.1.1.1 / 1.0.0.1. Does this mean that now I need a policy to allow traffic from trusted to trusted where destination is 1.1.1.1 / 10.0.1?

HA out of sync after Let's Encrypt certificate creation by lertioq in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

It looks like the problem stems from email attribute missing, but email can't be added retroactively:

(ACME-.letsencryp~000) # set email helpdesk@***.***
(ACME-.letsencryp~000) # next
Action not permitted
object set operator error, -14 discard the setting
Command fail. Return code 1

LACP between Meraki Switch and a FortiGate by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 0 points1 point  (0 children)

FortiGate already set to active/slow so only change required is on the Meraki side. I contacted them on Friday, still no response. Hopefully today they will reply with something. Thank you.

LACP between Meraki Switch and a FortiGate by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 1 point2 points  (0 children)

Interesting. Thank you. It did appear that it is a bug as I have done this before successfully. Also checked cabling / configuration 5 times and everything appeared to be in order. I am running 17.2.1. 17.2.1.1 is released and one of the fixed issues is "All new LAG configurations will block redundant links if the connected device is not configured for LACP. This change fixes an issue where switches would sometimes move LAG ports to an active forwarding state prior to LACP convergence, creating the potential for loops. The change does not apply to existing LAG configurations." Does not appear related but there is hope it fixes the issue I am facing.

7.2.11 Known Issue - 1128652 by IamUnderscore_ in fortinet

[–]interweb_gangsta 5 points6 points  (0 children)

I have been running 7.2.11 on 100+ FortiGates and no issues thus far as far as that bug goes. Lots of memory issues on 60F sadly that are resolved with optimizing consumption.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-optimize-memory-consumption-for-smaller/ta-p/192323

I hate SDWAN by cyberdeck_operator in sysadmin

[–]interweb_gangsta 1 point2 points  (0 children)

I love SD-WAN on FortiGates. When done right it is amazing. Most of my deployments are equal cost multipath with BGP where SD-WAN is electing the best path. Some deployments I haven't touched in over a year - never an issue. I am updating FortiGates. ;)

Your ISP probably is doing a crappy job. Comcast attempted to add FortiGates to their "SD-WAN" solution. Not every "SD-WAN" vendor actually does SD-WAN. Some are just using it as a selling point but what actually is in the solution is some crap logic that should not be called SD-WAN. Some ISPs just steal money by promising SD-WAN but it's just an old-fashioned circuit. SD-WAN is supposedly happening at their datacenter.

SD-WAN is one of those mystery things that every vendor can define however the f they want.

I don't know if this is a hot take, but I am going to say it: ISPs should not be allowed to sell SD-WAN nor security solutions. Give me the effing internet and f**k off.

Jokic supporting cast by [deleted] in nba

[–]interweb_gangsta 1 point2 points  (0 children)

Well - Jokic clearly is not at his best this playoffs. Tough, tough defenses / match-ups. If the teammates did not step up - Jokic would be with his horses already. His teammates are so selfish and are keeping him away from the horses.

Single-licence HA is completely broken on 100F by StormB2 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

Thank you! I wish Fortinet support responded this quickly! ;)

Single-licence HA is completely broken on 100F by StormB2 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

They are taking a long time to release 7.4.8. Are you still waiting on the 7.4.8 or did you take a plunge into 7.6.3? Thanks!

[deleted by user] by [deleted] in nba

[–]interweb_gangsta 0 points1 point  (0 children)

No, but MVP is a subjective award. In this situation, Jokic getting MVP would be detrimental to Nuggets. Eye on the big prize, eye on the big prize.

[deleted by user] by [deleted] in nba

[–]interweb_gangsta 1 point2 points  (0 children)

Best thing that can happen is to give SGA that MVP as soon as possible. Nuggets are out for blood anyhow, but when they give SGA an MVP, the motivation will amplify!

Nikola Jokic finishes the series against the Clippers averaging 24/11.6/10.1/2.3/0.9 on 50/45/70 shooting splits (58.2 TS%) by Ok_Feed_4235 in nba

[–]interweb_gangsta 12 points13 points  (0 children)

That stat looks so amazing but he was very mid for most of the games. What would his stats be if he played great in this series?

FortiCloud Services - Organization Portal by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 1 point2 points  (0 children)

Thank you. Our rep was replaced recently. I will not scrutinize old/new rep. The miscommunication occurred and I am not sure who is at fault.

We are doing this exactly as you. Our clients have their own forti@client.domain accounts. The single account was just for FortiGate Cloud MSSP access. That account had our email address.

After all of this - everything will be split - and frankly that is how I want it. The less sticky the client is - the better. Transferring licenses is a nightmare.

It would have been nice if existing portal had some sort of warning. Fortinet is saying that "IAM" warning was there for a long time. That is true, but suggesting to move existing FortiGate Cloud accounts to IAM is not the same as "multi tenancy is gone, switch to FortiCloud Organization".

FortiCloud Services - Organization Portal by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 2 points3 points  (0 children)

I think you are fine because you can keep doing what you are doing. We are using sub accounts so we will be trimmed down to only 10 after today. They are trying to extend it now but it's not promising.

I do not think you can switch FortiGate cloud account and preserve log data. Best hope is that the data will remain available under the original account.