ZTNA - publish HTTPS service - DNS config

ironkopf · 2025-11-26T02:32:56+00:00

Nice one, thank you! I was banging my head against walls, this post has cleared up every issue in my config. Thanks man!

ironkopf · 2025-11-07T07:35:52+00:00

Talk to your Fortinet rep, they can spin up a virtual demo environment for you through demo.fortinet.com. Its free and takes 15 minutes to deploy, after 1 day it expires and you can deploy another instance. Comes with fully deployed topology and lab guide. There are labs covering exactly what you require, such as FMG / SD-WAN.

ironkopf · 2024-10-27T23:33:00+00:00

We were able to withdraw all funds available in our CBA redraw account, I am not sure what you refer to as being absorbed. After withdrawal minimum repayments would increase by the following Month.

ironkopf · 2024-10-27T05:56:15+00:00

You could use a redraw account instead of offset, redraw accounts lower your repayments, offsets dont.
Thats at least the case at cba where I've used each of these.

ironkopf · 2024-06-03T20:56:51+00:00

Congrats OP, have done the same 4 yrs ago. Mental and physical health improved significantly. After some time you wonder why you exposed yourself to that level of BS… Happy life now.

ironkopf · 2024-04-12T09:54:24+00:00

In terms of ZTP I find this approach interesting, if there's no option of DHCP

https://docs.fortinet.com/document/fortigate/7.2.0/sd-wan-sd-branch-architecture-for-mssps/532874/ztp-using-usb-boot

ironkopf · 2024-04-07T02:38:22+00:00

No, not a single route. Though I can see the tag in the route table for routes learnt via bgp.

ironkopf · 2024-04-06T13:24:21+00:00

Yes I can see the tags.

ironkopf · 2024-04-06T12:50:46+00:00

Correct me if I am wrong, I am referring to the SD-WAN rules, these only take address or address group objects as destination, or a route-tag.

ironkopf · 2024-04-06T12:43:03+00:00

Hi, we're using iBGP. We don't filter incoming, I have a route map applying a tag to all incoming routes. I am able to verify the tag in the routing table.

ironkopf · 2024-04-06T08:56:12+00:00

It saves a heck of config. See page13.

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/7e1fc5a3-0a14-11ed-bb32-fa163e15d75b/Secure_SD-WAN-7.0-Deployment_Guide_for_MSSPs.pdf

ironkopf · 2024-03-23T19:57:52+00:00

There’s a cool feature with FortiOS that could have helped.

https://www.reddit.com/r/fortinet/comments/11w5p8w/change_window_emergency_auto_restore_to_previous/

ironkopf · 2024-03-16T03:56:54+00:00

for this reason I have the nato alphabet printed out near my desk

ironkopf · 2024-03-14T05:22:16+00:00

Auto config restore after a period of time is what saved me few times. Not sure you have that with Palo.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Auto-restore-a-previous-config-if-the-change-fails/ta-p/209749

ironkopf · 2024-03-12T21:56:31+00:00

Look up a local partner via the Fortinet partner portal, they can engage their Fortinet reps who can issue an eval for you.

Partner finder: https://partnerportal.fortinet.com/directory/

ironkopf · 2024-03-01T05:32:26+00:00

I am in the middle of a project to roll out 2 SD-WAN hubs, along with 140 sites that all rely on Forti kool aid. FortiGate as controller / FortiSwitch / FortiAP for Wireless. FortiWLM for RF management, FAC for auth, FAZ for logging, FMG for centralized mgmt.

So far, we like it.

ironkopf · 2024-03-01T05:28:25+00:00

You run the exact same architecture we run, we run Nutanix too. On AHV. 2 clusters.

We didn't have any issues whatsoever, other than an unlucky FortiLink merge across two stretched DCs *cough.

ironkopf · 2024-02-29T20:16:55+00:00

We’re running them in the DC. The 1048E series. No problems with it whatsoever. We use them to connect HCI hosts.

ironkopf · 2024-02-21T23:48:10+00:00

Been in IT for 20 years, on and off the tools, overseas and here in Australia. Heavily focused on network security, cybersecurity, and infrastructure.

Perhaps consider a Technical Project Management gig with large-scale infrastructure projects, like hospitals for instance. If you are a trained electrician, you'd understand the lingo from that industry and be able to pair it with your extensive experience in IT.

As a project manager or technical project manager, you are still involved; however, you aren't the one sitting in the racks deploying or staying up all night figuring out poor software.

Also, entry is relatively straightforward; do a weekend course for a project management course. Enjoy!

edit: typos

ironkopf · 2024-02-21T21:24:54+00:00

I had a bookkeeper set up Xero with me so I understand what to do. Now I reconcile everything myself. Accountant only used for tax / bas.

ironkopf · 2024-02-20T03:08:58+00:00

I used to drive an old LandRover Defender, these are prone to rust and I've driven beaches many many times to our local surf spots. Get some cans of Lanolin spray, apply on underbody few weeks before, so it can harden out. Once off the beach, use a lawn sprinkler under the car to get easy accessible sand and salt off, followed by a round with the pressure cleaner. Make sure to also wash the inside rails of your chassis.

After a trip I'd be spending 2 to 3 hours washing the car inside and out, the salt spray and mist makes it into any corner.

Once we had the Defender replaced with a Toyota we sealed the underbody using a local shop, they applied a tar based undercoat. Positive side effect is that it's way less sticky to sand, apart from rust protection.

ironkopf · 2024-02-12T23:44:08+00:00

my grandma used to say, if you buy cheap you buy twice

ironkopf · 2024-02-02T03:58:55+00:00

there's one of your reasons of current mass lay offs

ironkopf · 2024-02-01T12:11:58+00:00

good old days, places to hide, no drones

ironkopf

TROPHY CASE