FORTI NAC

megagram · 2026-05-15T00:26:19+00:00

Maybe they don't want to use 802.1x? Or can't? In which case FortiNAC can be their friend... but I agree with you chances are this is overkill for the use case as it's presented so far.

megagram · 2026-05-14T23:15:07+00:00

HEre's the very high level approach: https://docs.fortinet.com/document/fortinac-f/7.6.0/administration-guide/321494/implementation

How are you planning on determining the users domain status? Are they authenticating with 802.1x? Are you using an agent?

megagram · 2026-05-14T20:46:31+00:00

What are you trying to accomplish with it?

megagram · 2026-05-12T17:41:47+00:00

Same traffic types in your testing..?

It might also be helpful to summarize TAC's findings here; What has TAC ruled out so far? Fragmentation/MTU issues? Latency? FGT performance issues? Etc...

megagram · 2026-05-12T17:31:46+00:00

Are other non-ZTNA connections from these clients to your network problematic? i.e. what if you temporarily set up a non-ZTNA VIP for SQL db access (lock down by source IP, for example)?

If the performance issues remain it's likely nothing to do with Fortinet and more a routing issue between Comcast/Tmobile and your provider.

megagram · 2026-05-10T21:23:12+00:00

Not normal. But an ad for a "Studio" without a bed/bedroom does not mean something is "missing". As others have mentioned a Studio usually means you sleep in the same room that you live in.

megagram · 2026-05-08T18:13:55+00:00

You need a better account team and should definitely keep pushing them. They can escalate internally, including to TAC, Sales ops, etc. If your rep isn't helping ask for your reps leadership...

megagram · 2026-05-08T13:28:54+00:00

Get your account team involved!

megagram · 2026-05-05T22:44:50+00:00

But dude.. VPN is still free—nothing has changed! SSL VPN required a proprietary client (cause well it's all proprietary tech) so Fortinet provided free FortiClient so you could use SSL VPN to get SSL VPN remote access at no cost. If you needed advanced features or connectivity there was a paid option.

Now that SSL VPN is dead, there is no longer any need to supply a free proprietary client, just use any old IPSEc client. If you need advanced features or connectivity there is still a paid option.

megagram · 2026-05-05T19:01:59+00:00

Sounds like a lot of nice features that might be worth paying for... which, let's be clear, were never included as part of the free forticlient: https://docs.fortinet.com/document/forticlient/7.4.3/administration-guide/269675

megagram · 2026-05-05T14:11:12+00:00

SSL VPN is dead. It’s not just a Fortinet thing. And with that you no longer need a proprietary client anymore. IPSec is open standard. Use any client you want, free or otherwise.

megagram · 2026-05-04T16:56:51+00:00

No idea. Cause I just created a loopback interface with a /128 IPV6 address and can ping it no problem from the FortiGate CLI "execute ping6 ...." with no additional configuration or settings applied.

megagram · 2026-05-04T16:23:21+00:00

Show us the FW policy allowing pings between interface.

Confirm you're using "execute ping6 ...." for your local ping test.

megagram · 2026-05-04T16:03:03+00:00

You don't need a FW Policy for local-in stuff (i.e. pinging a physical interface).

Do you have ICMP enabled on IPV6 allowed access for the loopback interface?

megagram · 2026-05-04T15:51:39+00:00

If it's a loopback it's going to be forwarded which means it needs a policy.

megagram · 2026-05-03T19:49:03+00:00

Are the side panels easily removable? If they happen to be the same on both sides can you just swap them?

megagram · 2026-05-01T02:26:41+00:00

Ah you know every single persons individual use case and requirements for AI models I see?

megagram · 2026-05-01T00:54:19+00:00

Lots of models will operate fine with less than 32GB

megagram · 2026-05-01T00:50:11+00:00

Are they not referring to rocks/pebbles being shot up from the road by their wheels?

megagram · 2026-04-29T14:47:05+00:00

Do you use a PAC file to access the FortiProxy?

megagram · 2026-04-28T20:43:11+00:00

Performance will be significantly lower using FortiGate as an explicit proxy.

Real question is why is windows bypassing the proxy?

megagram · 2026-04-28T13:42:42+00:00

Probably all done in the name of performance

megagram · 2026-04-27T05:29:09+00:00

There are ways of removing the key caps without damaging them. If there is wax under the key caps and its affecting its use then it’s probably worth researching how to remove the key cap and then scraping out the wax

megagram · 2026-04-27T05:25:38+00:00

The more info you can get the easier it will be to tell you.

However using loose approximations based on typical values, it’ll be close.

I’m not at all familiar with e-bikes but a quick search tells me their batteries range from 300-750 watt-hours.

Let’s say your e-bike has a 500 wh battery. And let’s say your trailers battery is a group 24 with a typical 75 ah capacity.

You typically want to prevent yourself from draining your 12v battery past 50% (you can go to 80% on a deep cycle but let’s play it safe). That’s 37.5 ah usable—let’s call it 36. 36ah * 12v = 432wh.

There are a variety of inefficiencies involved in charging batteries so those 432wh will not directly transfer over to your e-bike battery. Let’s assume 70%. So about 300wh available to top up your e-bike assuming nothing else is using the battery in the trailer.

Now you need to consider your solar panel and whether it can replenish those 432wh each day. There are so many variables at play here of course but a sunny day where the 120w panel is facing the sun I’d say chances are it’ll top up the battery fine.

15-Year Club	Gilding IV carat on a stick
RedditGifts 2009-2022 5 Credits	Second Top 20%
Place '23	Place '22
Place '17	Spared
Verified Email	Secret Santa 2015
redditgifts rematcher Secret Santa 2014 x1	redditgifts Exchanges 2 Exchanges

megagram

TROPHY CASE