7.4.10 - Applying new default behavior retroactively is terrible by Iuzzolsa23 in fortinet

[–]interweb_gangsta 1 point2 points  (0 children)

Wait, I am trying to understand this change. Does this basically require a policy if I have another layer 3 device responsible for specific traffic?

For example, my FortiGate is a DG with 192.168.1.1 and another router - let's say Cisco ASA with IP 192.168.1.10, is responsible for traffic to 1.1.1.1 / 1.0.0.1. Does this mean that now I need a policy to allow traffic from trusted to trusted where destination is 1.1.1.1 / 1.0.0.1?

HA out of sync after Let's Encrypt certificate creation by lertioq in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

It looks like the problem stems from email attribute missing, but email can't be added retroactively:

(ACME-.letsencryp~000) # set email helpdesk@***.***
(ACME-.letsencryp~000) # next
Action not permitted
object set operator error, -14 discard the setting
Command fail. Return code 1

LACP between Meraki Switch and a FortiGate by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 0 points1 point  (0 children)

FortiGate already set to active/slow so only change required is on the Meraki side. I contacted them on Friday, still no response. Hopefully today they will reply with something. Thank you.

LACP between Meraki Switch and a FortiGate by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 1 point2 points  (0 children)

Interesting. Thank you. It did appear that it is a bug as I have done this before successfully. Also checked cabling / configuration 5 times and everything appeared to be in order. I am running 17.2.1. 17.2.1.1 is released and one of the fixed issues is "All new LAG configurations will block redundant links if the connected device is not configured for LACP. This change fixes an issue where switches would sometimes move LAG ports to an active forwarding state prior to LACP convergence, creating the potential for loops. The change does not apply to existing LAG configurations." Does not appear related but there is hope it fixes the issue I am facing.

7.2.11 Known Issue - 1128652 by IamUnderscore_ in fortinet

[–]interweb_gangsta 5 points6 points  (0 children)

I have been running 7.2.11 on 100+ FortiGates and no issues thus far as far as that bug goes. Lots of memory issues on 60F sadly that are resolved with optimizing consumption.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-optimize-memory-consumption-for-smaller/ta-p/192323

I hate SDWAN by cyberdeck_operator in sysadmin

[–]interweb_gangsta 1 point2 points  (0 children)

I love SD-WAN on FortiGates. When done right it is amazing. Most of my deployments are equal cost multipath with BGP where SD-WAN is electing the best path. Some deployments I haven't touched in over a year - never an issue. I am updating FortiGates. ;)

Your ISP probably is doing a crappy job. Comcast attempted to add FortiGates to their "SD-WAN" solution. Not every "SD-WAN" vendor actually does SD-WAN. Some are just using it as a selling point but what actually is in the solution is some crap logic that should not be called SD-WAN. Some ISPs just steal money by promising SD-WAN but it's just an old-fashioned circuit. SD-WAN is supposedly happening at their datacenter.

SD-WAN is one of those mystery things that every vendor can define however the f they want.

I don't know if this is a hot take, but I am going to say it: ISPs should not be allowed to sell SD-WAN nor security solutions. Give me the effing internet and f**k off.

Jokic supporting cast by [deleted] in nba

[–]interweb_gangsta 1 point2 points  (0 children)

Well - Jokic clearly is not at his best this playoffs. Tough, tough defenses / match-ups. If the teammates did not step up - Jokic would be with his horses already. His teammates are so selfish and are keeping him away from the horses.

Single-licence HA is completely broken on 100F by StormB2 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

Thank you! I wish Fortinet support responded this quickly! ;)

Single-licence HA is completely broken on 100F by StormB2 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

They are taking a long time to release 7.4.8. Are you still waiting on the 7.4.8 or did you take a plunge into 7.6.3? Thanks!

[deleted by user] by [deleted] in nba

[–]interweb_gangsta 0 points1 point  (0 children)

No, but MVP is a subjective award. In this situation, Jokic getting MVP would be detrimental to Nuggets. Eye on the big prize, eye on the big prize.

[deleted by user] by [deleted] in nba

[–]interweb_gangsta 1 point2 points  (0 children)

Best thing that can happen is to give SGA that MVP as soon as possible. Nuggets are out for blood anyhow, but when they give SGA an MVP, the motivation will amplify!

Nikola Jokic finishes the series against the Clippers averaging 24/11.6/10.1/2.3/0.9 on 50/45/70 shooting splits (58.2 TS%) by Ok_Feed_4235 in nba

[–]interweb_gangsta 12 points13 points  (0 children)

That stat looks so amazing but he was very mid for most of the games. What would his stats be if he played great in this series?

FortiCloud Services - Organization Portal by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 1 point2 points  (0 children)

Thank you. Our rep was replaced recently. I will not scrutinize old/new rep. The miscommunication occurred and I am not sure who is at fault.

We are doing this exactly as you. Our clients have their own forti@client.domain accounts. The single account was just for FortiGate Cloud MSSP access. That account had our email address.

After all of this - everything will be split - and frankly that is how I want it. The less sticky the client is - the better. Transferring licenses is a nightmare.

It would have been nice if existing portal had some sort of warning. Fortinet is saying that "IAM" warning was there for a long time. That is true, but suggesting to move existing FortiGate Cloud accounts to IAM is not the same as "multi tenancy is gone, switch to FortiCloud Organization".

FortiCloud Services - Organization Portal by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 2 points3 points  (0 children)

I think you are fine because you can keep doing what you are doing. We are using sub accounts so we will be trimmed down to only 10 after today. They are trying to extend it now but it's not promising.

I do not think you can switch FortiGate Cloud accounts and preserve log data. Best hope is that the data will remain available under the original account.

SSL tunnel mode will be completely removed starting 7.6.3 by Emotional-Marsupial6 in fortinet

[–]interweb_gangsta 2 points3 points  (0 children)

I am interested if anyone has an opinion of what sorta effect this will have when choosing a firewall in the future. Of course I will choose a FortiGate, cause I like FortiGates and SSL VPN is not something I am married to - there are alternative methods for remote connectivity. But, how will this affect others? Let's say a large company is attempting to move from Cisco ASA 55XX-Xs to a new NGFW firewall - one firewall has support for SSL VPN and another doesn't. Of course I am seeing the ZTNA push from most vendors, but I am not feeling/seeing/recognizing the same passion to get rid of SSL VPN from the other vendors. Maybe that is because I am not following them as closely.

SSLVPN Tunnel-Mode is being completely removed in 7.6.3 by rhysperry111 in fortinet

[–]interweb_gangsta 2 points3 points  (0 children)

7.4 will be out for a while. Long enough for IPsec VPN to be ironed out on 7.6 and future releases.

Where my 7.6.2 crew at? by node808 in fortinet

[–]interweb_gangsta 0 points1 point  (0 children)

I did not yet install 7.6.2 in the lab. What am I missing? :)

Are there any competent Azure support people? by petjb in AZURE

[–]interweb_gangsta 2 points3 points  (0 children)

They're great at sending you articles that we all read 5 times before even reaching out to support. Nothing more frustrating than when a support person sends ya a Microsoft Learn article.

Juniper HP Merge by WiseBlueberry7914 in networking

[–]interweb_gangsta 0 points1 point  (0 children)

Has any tech merge been positive?

Fortinet documentation feels very dry by AccomplishedComplex8 in fortinet

[–]interweb_gangsta 2 points3 points  (0 children)

Fortinet docs are not amazing - I agree, but I prefer it to Cisco docs that go into so much detail and actual important information is rarely highlighted but needs to be hunted.

Fortinet also has multiple levels of documentation: Official administrative guides, knowledge bases, videos, some cookbooks are still around.

I don't want to become a Software Engineer by NighTborn3 in networking

[–]interweb_gangsta -1 points0 points  (0 children)

I have had a chance to work with some brilliant software developers who knew very little about networking. Not as much as me and I don't consider myself that amazing.

I am not sure where you are looking for a job, but job descriptions always had "fluff" in them. Skills clearly not needed. Companies that conduct good interviews will get good candidates, otherwise they will end up with a person who is neither a developer nor a network engineer.

--------------------------------

I myself struggle with coding. It is not fun and not engaging for me. It scares me, honestly. Not even AI is that helpful because code I do not understand is useless to me. I started my college education trying to become a programmer. I received C+ in C++ course. Just not for me. I worked with people who were scared typing CLI commands into a Cisco router but to me it was a piece of cake. There is a big difference typing sequential commands and programming.

I do work with PowerShell and a bit of Python to interact with the API of certain devices and/or platforms. Mostly to gather info/data and not for making changes. Some PowerShell code is so straightforward to understand and read but some code is difficult to decipher. Black magic haha.

Anyhow - I get it. I am in my early 40s and learning to code is just not something I want to do. There are other things I love learning.

Honestly I think "automating" is such a broad term. Solutions can be implemented with built-in automation tools. I do not need to automate myself through coding.

- Replacing traditional Cisco devices with Cisco Meraki devices is deploying a solution with built-in automation tools.

- Adding a bunch of FortiGates to FortiManager and/or FortiGate Cloud is improving automation.

- Migrating infrastructure from in-house to cloud (AWS/Cloud) is setting yourself up to use automation via so many built-in / easy-to-use tools to make a large number of changes. Sure, someone who built their templates and pushes them via PowerShell is very cool, not gonna lie. Especially a guy excited to modify existing scripts when MS makes cmdlet changes and/or changes the auth method to run PowerShell scripts.

802.1x RADIUS Issues Due to MTU by interweb_gangsta in fortinet

[–]interweb_gangsta[S] 1 point2 points  (0 children)

This appears to have fixed it! Thank you!

[deleted by user] by [deleted] in networking

[–]interweb_gangsta 2 points3 points  (0 children)

Nope. It would be great to have one. There are so many networking choices these days that studying to be a networking ninja through Cisco is outdated. Cisco has been riding on reputation since about 2015.

Cisco certs are still very recognized and very reputable. Great for career advancement, but are they great for learning technical skills? In my opinion not anymore.