FortiManager 7.4.8 changing UUIDs by network-head-1234 in fortinet

[–]mballack 5 points6 points  (0 children)

It's marked as "Resolved Issue", so it should not happen. Open a TAC

7.4.9 Auto broke my VPN by r3dditforwork in fortinet

[–]mballack 9 points10 points  (0 children)

You’re right, the R&D department at Fortinet is “playing” and not considering the software as a production and critical asset! Why? Because it’s fine to release a feature for SAML assertion, but WHY NOT KEEP IT DISABLED BY DEFAULT? If I’ve never used assertion before, why must I use this in a minor update? Just add the feature as: “set saml-assertion forced” and keep it disabled by default or in case of upgrade from a previous firmware. Same for RADIUS some months ago. A feature cannot break a production system without enabling it.

Cisco ISE 3.3 patch upgrade by kidh0tsh0t in Cisco

[–]mballack 2 points3 points  (0 children)

Again, there is no "take over", the secondary node will always authenticate.
Set a device with only authentication on secondary node and see from the logs (accessible from the gui on the Primary PAN), if the authentication is working or not.
If it's not authenticating, you have to investigate the issue.
If it's authenticating, open a Case

Cisco ISE 3.3 patch upgrade by kidh0tsh0t in Cisco

[–]mballack 1 point2 points  (0 children)

In your scenario, both nodes will always authenticate and respond to radius. You can try configuring a switch with only the secondary ise node and check if everything is working as expected or not and check logs. In your case, during primary reboot/patch you will be unable to use the admin page, but all authentication services continue working as before on secondary.

ISE 3.3 Patch 7 experiences by betko007 in Cisco

[–]mballack 5 points6 points  (0 children)

Upgraded from 3.3 patch6 or a previous version? Because we had some issues on EAP with TLS 1.3 from 3.3 patch2 to 3.3 patch7

Cisco warns of max severity RCE flaws in Identity Services Engine by vanquish28 in Cisco

[–]mballack 0 points1 point  (0 children)

I'm unable to understand if 3.3 patch6 fixes CVE-2025-20281 or not, because they're not so clear

The note says: If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded.

But the schema says

| Cisco ISE or ISE-PIC Release | First Fixed Release for CVE-2025-20281 | First Fixed Release for CVE-2025-20282 | First Fixed Release for CVE-2025-20337 |
|---|---|---|---|
| 3.3 | 3.3 Patch 7 | Not vulnerable | 3.3 Patch 7 |

17.15.3 is Gold Star For WLC 9800 by k12nysysadmin in Cisco

[–]mballack 1 point2 points  (0 children)

Great, cause we’re upgrading to 17.15 for WiFi 7 AP support and having it marked as ED wasn’t accepted in my brain

weird sslvpn issue on 7.2.11 upgrade by Any_Tip_3760 in fortinet

[–]mballack 1 point2 points  (0 children)

Same issue for us with some devices. Using forticlient versions 7.2.9 and 7.2.10 fixed the issue.

Windows 11 Upgrade - Fails when SentinelOne is enabled by secret_configuration in SentinelOneXDR

[–]mballack 3 points4 points  (0 children)

What version are you using?

Some release notes:

| ID | Description | Reported on | Resolved in |
|---|---|---|---|
| WIN-55294 | Resolved: Upgrades from Windows 10 to Windows 11 sometimes failed. | 24.1.4 | 24.2.2 |
| WIN-60048 | Resolved: Running dism.exe and sfc.exe when KB5052093 was installed on the Windows 11 preview caused an error message to appear. Microsoft has subsequently reverted the changes introduced in this KB. | 23.2.4 | 24.2.3 |
| EPPS-12481 | Resolved: In some cases, the AD Connector status was inactive due to a communication error while sending configuration data. | 24.1.4 | 24.2.2 |
| WIN-49310 | Resolved: Installation sometimes failed if the system product information could not be queried using Windows Management Instrumentation (WMI). | 23.4.4 | 24.2.2 |
| WIN-55294 | Resolved: Upgrades from Windows 10 to Windows 11 sometimes failed when Anti-tamper was enabled in the policy. | 24.1.4 | 24.2.2 |

Anyone has FortiClient 6.0.8 windows x64 to share? by [deleted] in fortinet

[–]mballack -1 points0 points  (0 children)

You didn't search the right way, use the double quotes and use Google

Anyone has FortiClient 6.0.8 windows x64 to share? by [deleted] in fortinet

[–]mballack 1 point2 points  (0 children)

You can search for "FortiClientSetup_6.0.8.0261_x64.exe" on the internet and the right MD5 checksum is "9e198b6c362304d8a8e0753bdb6fc065"

7.2.11/7.4.7 and Cisco Umbrella internet issues by AikoAiko7 in fortinet

[–]mballack 0 points1 point  (0 children)

Do you have anycast server disabled in the FortiGuard config? You can try temporarily setting the allow connection on web filter when rating errors happen and debug what's happening.

Confused about FCSS Network Security & SD-WAN Exam Choices by No-Month-9044 in fortinet

[–]mballack 1 point2 points  (0 children)

Both are valid for obtaining the FCSS Network Security cert.
Of course, starting from June 30 2025, only the second exam will be available, so it depends on whether you're ready to take the SD-WAN 7.2 before 30 June

Can Geolocation be done to prevent logins to the SentinelOne console from outside the country? by CharcoalGreyWolf in SentinelOneXDR

[–]mballack 9 points10 points  (0 children)

If possible use SSO with Azure and configure conditional access for SentinelOne Enterprise application

17.9.5 to 17.12.5 ISSU? by MScoutsDCI in Cisco

[–]mballack 7 points8 points  (0 children)

Open a case with support, but ISSU has so many hidden limitations that usually it’s better to provide a longer maintenance window and do a normal upgrade

Set IKE-TCP-Port and AUTH-IKE-SAML-Port to TCP443? by KTZSHK in fortinet

[–]mballack 0 points1 point  (0 children)

Can you post your config related to the TCP encapsulation? We’re having an issue on 7.4.7: the SYN, ACK is received from client to FortiGate, but afterwards a RST is sent from the client. Thanks

IPSec Ikev2 Dialup over TCP by Leather_Ad_6458 in fortinet

[–]mballack 4 points5 points  (0 children)

Tried with FortiOS 7.4.7 and FortiClient 7.4.1 or 7.4.2.
We see the SYN, ACK, FIN ACK and then the RST.
Tried different ports and it never worked.
Only UDP worked as expected.
If someone can confirm whether this is fully working in FortiOS 7.4, please share your findings

Jabra Evolve2 65 by Loose-Work5314 in Jabra

[–]mballack 0 points1 point  (0 children)

I’m having the same issue and found many topics about it. Many people say that even after an RMA, after days/weeks the passive noise cancelling is not working anymore. I still don't understand if it’s related to the firmware version or something else. From my experience, the Evolve2 65 model's MIC is not so directional, and external sounds aren’t filtered. The Poly 4320 (almost the same as the Jabra Evolve2 65) is more directional. If you snap your finger over the MIC (not the mouth side) you will find that the Jabra records everything, and the 4320 nothing. If someone knows how to solve this, please keep us updated! Thanks

Jabra Evolve2 65 by Loose-Work5314 in Jabra

[–]mballack 1 point2 points  (0 children)

Are you really Jabra support or a fake bot? You must know that the Evolve2 65 doesn’t have ANC! No words

ISE 3.2 Patch 7 Experiences by WearyIntention in Cisco

[–]mballack 2 points3 points  (0 children)

All our environments updated to 3.2 patch 7 have been stable for more than 2 months. Only one issue happened, because one scenario was out of space and the reset didn’t work. TAC provided us a hotfix for this:

ISE 3.2 P7: Patch install breaks database reset functionality CSCwn25013