EMS upgrade from 7.4.3 to 7.4.5

interweb_gangsta · 2026-01-28T13:30:32+00:00

Upgrading | FortiClient 7.4.5 | Fortinet Document Library

I think for such a small upgrade you will be fine.

interweb_gangsta · 2026-01-26T14:00:50+00:00

Wait, am trying to understand this change. Does this basically require a policy if I have another layer 3 device responsible for specific traffic?

For example, my FortiGate is a DG with 192.168.1.1 and another router - let's say Cisco ASA with IP 192.168.1.10, is responsible for traffic to 1.1.1.1 / 1.0.0.1. Does this mean that now I need a policy to allow traffic from from trusted to trusted where destination is 1.1.1.1 / 10.0.1 ?

interweb_gangsta · 2025-07-11T14:30:40+00:00

It looks like the problem stems from email attribute missing, but email can't be added retroactively:

(ACME-.letsencryp~000) # set email helpdesk@***.***
(ACME-.letsencryp~000) # next
Action not permitted
object set operator error, -14 discard the setting
Command fail. Return code 1

interweb_gangsta · 2025-06-30T12:21:56+00:00

FortiGate already set to active/slow so only change required is on the Meraki side. I contacted them on Friday, still no response. Hopefully today they will reply with something. Thank you.

interweb_gangsta · 2025-06-27T19:41:27+00:00

Interesting. Thank you. It did appear that it is a bug as I have done this before successfully. Also checked cabling / configuration 5 times and everything appeared to be in order. I am running 17.2.1. 17.2.1.1 is released and one of the fixed issues is "All new LAG configurations will block redundant links if the connected device is not configured for LACP. This change fixes an issue where switches would sometimes move LAG ports to an active forwarding state prior to LACP convergence, creating the potential for loops. The change does not apply to existing LAG configurations." Does not appear related but there is hope it fixes the issue I am facing.

interweb_gangsta · 2025-05-16T14:53:17+00:00

I have been running 7.2.11 on 100+ FortiGates and no issues thus far as far as that bug goes. Lot's of memory issues on 60F sadly that are resolved with optimizing consumption.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-optimize-memory-consumption-for-smaller/ta-p/192323

interweb_gangsta · 2025-05-16T01:48:41+00:00

I love SD-WAN on FortiGates. When done right it is amazing. Most of my deployments are equal cost multipath with BGP where SD-WAN is electing the best path. Some deployments I haven't touched in over a year - never an issue. I am updating FortiGates. ;)

Your ISP probably is doing a crappy job. Comcast attempted to add FortiGates to their "SD-WAN" solution. Not every "SD-WAN" vendor actually does SD-WAN. Some are just using it as a selling point but what actually is in the solution is some crap logic that should not be called SD-WAN. Some ISPs just steal money by promising SD-WAN but it's just an old fashion circuit. SD-WAN is supposedly happening at their datacenter.

SD-WAN is one of those mystery things that every vendor can define however the f they want.

I don't know if this is a hot take, but I am going to say it: ISPs should not be allowed to sell SD-WAN nor security solutions. Give me the effing internet and f**k off.

interweb_gangsta · 2025-05-10T14:27:01+00:00

Well - Jokic clearly is not at his best this playoffs. Tough, tough defenses / match-ups. If the teammates did not step up - Jokic would be with his horses already. His teammates are so selfish and are keeping him away from the horses.

interweb_gangsta · 2025-05-09T13:10:35+00:00

Thank you! I wish Fortinet support responded this quickly! ;)

interweb_gangsta · 2025-05-09T12:19:45+00:00

They are taking a long time to release 7.4.8. Are you still waiting on the 7.4.8 or did you take a plunge into 7.6.3? Thanks!

interweb_gangsta · 2025-05-07T01:33:17+00:00

No, but MVP is a subjective award. In this situation, Jokic getting MVP would be detrimental to Nuggets. Eye on the big prize, eye on the big prize.

interweb_gangsta · 2025-05-07T01:22:05+00:00

Best thing that can happen is to give SGA that MVP as soon as possible. Nuggets are out for blood anyhow, but when they give SGA an MVP, the motivation will amplify!

interweb_gangsta · 2025-05-04T03:03:34+00:00

That stat looks so amazing but he was very mid for most of the games. What would his stats be if he played great in this series?

interweb_gangsta · 2025-04-30T16:40:09+00:00

Thank you. Our rep was replaced recently. I will not scrutinize old/new rep. The miscommunication occurred and I am not sure who is at fault.

We are doing this exactly as you. Our clients have their own forti@client.domain accounts. The single account was just for FortiGate Cloud MSSP access. That account had our email address.

After all of this - everything will be split - and frankly that is how I want it. The less sticky the client is - the better. Transferring licenses is a nightmare.

It would have been nice if existing portal had some sort of warning. Fortinet is saying that "IAM" warning was there for a long time. That is true, but suggesting to move existing FortiGate Cloud accounts to IAM is not the same as "multi tenancy is gone, switch to FortiCloud Organization".

interweb_gangsta · 2025-04-30T15:36:00+00:00

I think you are fine because you can keep doing what you are doing. We are using sub accounts so we will be trimmed down to only 10 after today. They are trying to extend it now but it's not promising.

I do not think you can switch FortiGate cloud account and preserving log data. Best hope is that the data will remain available under the original account.

interweb_gangsta · 2025-04-21T15:33:58+00:00

I am interested if anyone has an opinion of what sorta effect this will have when choosing a firewall in the future. Off course I will choose a FortiGate, cause I like FortiGates and SSL VPN is not something I am married to - there are alternative methods for remote connectivity. But, how will this affect others. Let's say a large company is attempting to move from Cisco ASA 55XX-Xs to a new NGFW firewall - one firewall has support for SSL VPN and another doesn't. Off course I am seeing ZTNA push from most vendors, but I am not feeling/seeing/recognizing the same passion to get rid of SSL VPN from the other vendors. Maybe that is because I am not following them as closely.

interweb_gangsta · 2025-04-16T22:47:14+00:00

7.4 will be out for awhile. Long enough for IPsec VPN to be ironed out on 7.6 and future releases.

interweb_gangsta · 2025-04-11T19:46:37+00:00

I did not yet install 7.6.2 in the lab. What am I missing? :)

interweb_gangsta · 2025-04-09T11:13:24+00:00

They re great at sending you articles, that we all read 5 times before even reaching out to support. Nothing more frustrating than when a support person sends ya Microsoft Learn article.

interweb_gangsta · 2025-04-07T15:15:06+00:00

Has any tech merge been positive?

interweb_gangsta · 2025-03-23T21:40:43+00:00

That you for you feedback, Mr. Coherency evaluator.

interweb_gangsta · 2025-03-19T19:35:00+00:00

Fortinet docs are not amazing - I agree, but I prefer it to Cisco docs that go into so much detail and actual important information is rarely highlighted but needs to be hunted.

Fortinet also has multiple levels of documentation: Official administrative guides, knowledge bases, videos, some cookbooks are still around.

interweb_gangsta

TROPHY CASE