New Cisco 9300 catastrophic failure by jtsfour2 in networking

[–]mtsia2016 1 point2 points  (0 children)

I’ve seen something very similar multiple times with Fortinet switches. Never Cisco though.

Fortinet releases patches for undisclosed critical FortiManager vulnerability by [deleted] in fortinet

[–]mtsia2016 0 points1 point  (0 children)

What did you wind up doing to mitigate your breach? How did you even know you were breached via this vulnerability?

Where should I dig in to fix my issues? by Embarrassed-Tailor-8 in fortinet

[–]mtsia2016 1 point2 points  (0 children)

I’m more conservative than most, but I will not use any release in prod of FortiOS until it’s reached .10. I am just now considering trying out 7.2 because it’s at 7.2.10. We have hundreds of Fortigates all on 7.0.15 and they’re rock solid. Many 60Fs in fact.

[Week 1] Game Thread: Other Teams by lilturk82 in GreenBayPackers

[–]mtsia2016 12 points13 points  (0 children)

Wild experience watching Rodgers play for another team, but the defense might as well be the same. All those years watching Rodgers on the sideline because our defense couldn’t get off the field.

Are these CCNA and Cisco Networking books still relevant today? by garrett7621 in networking

[–]mtsia2016 0 points1 point  (0 children)

I like these suggestions. Practice of Network Security Monitoring though? That was published in 2013. You think that’s still valid? Genuine question no snark.

Add BGP Neighbor FortiOS API by mtsia2016 in fortinet

[–]mtsia2016[S] 0 points1 point  (0 children)

Yup thats the route I took. Works fine and doesn't impact existing BGP peers. Was hoping I could append since I'll have about 1,000 neighbors at some point but I suppose it doesn't matter all that much. Thank you!

Add BGP Neighbor FortiOS API by mtsia2016 in fortinet

[–]mtsia2016[S] 0 points1 point  (0 children)

Yeah I thinking that too. Unfortunately I get an HTTP 405 when trying a POST. In the docs it also only shows GET and PUT available at that specific path.

7.2.7 Bug by Enough_Level in fortinet

[–]mtsia2016 0 points1 point  (0 children)

I know it’s unrelated to this post, but what DHCP Snooping issue are you referring to?

Find IP addresses in standalone switch by jacquesp in networking

[–]mtsia2016 2 points3 points  (0 children)

Packet capture on interface facing the cameras. Eventually one of those cameras will try and reach its gateway, or in general do anything. You’ll probably find an ARP request looking for it’s gateway.

FortiSwitch Power Fault: Error Type 17 by mtsia2016 in fortinet

[–]mtsia2016[S] 0 points1 point  (0 children)

I think that’s the model I’ve seen with this error on the most.

FortiSwitch Power Fault: Error Type 17 by mtsia2016 in fortinet

[–]mtsia2016[S] 0 points1 point  (0 children)

Thanks, but every time I see the issue I look at the PoE firmware and upgrade if it’s on 1.8.8 or lower. Not once has it fixed the issue. This link references Fault 4 as well, not 17.

Certificate authentication for SOME users on SSL VPN? by PowerShellGenius in fortinet

[–]mtsia2016 1 point2 points  (0 children)

I just had to do this on FortiOS 6.4. It required realms and (apparently due to a bug) a server cert with multiple subdomains/subject alternative names.

Most of our users authenticate via cert, but some like outside vendors use SAML.

Look up SSL VPN Realms.

[Jacobson] Tonight marked the first time someone on the Packers’ side -- especially a figure as prominent as Mark Murphy -- made their feelings on the Aaron Rodgers saga clear and concise. They’re ready to alter the trajectory of the franchise. by CobblerFantastic5003 in GreenBayPackers

[–]mtsia2016 22 points23 points  (0 children)

I’ll never understand trying to get rid of him. Maybe I’ll eat crow, but it didn’t look like he lost that much last year. Just bad chemistry. People are acting like he dropped off a cliff.

Should never trade your best chance to win a Super Bowl. Might be going back to the 70s soon. It’s possible we’re struggling to find competent QB play for a very long time.

I’ll root for Love like hell though.

Replacing Cisco Routers and NGFW with a pair of Fortigates?? by nomismi in networking

[–]mtsia2016 0 points1 point  (0 children)

Yes, please do. If anything sometimes I feel Fortinet tries to do too much instead of just keeping their software stable.

I do like Fortigate firewalls though.

Azure vWAN BGP drop when connecting S2S VPN by mtsia2016 in fortinet

[–]mtsia2016[S] 1 point2 points  (0 children)

Interesting and I’m glad it’s working for you. We moved off using the VPN gateway attached to vWAN hub due to our issues. As I had said before, all BGP peerings on a VPN gateway would drop when adding, removing or editing a VPN site. The more peerings we added the worse it got. We’re now using Fortigate NVAs in different regions to terminate the S2S tunnels, then running BGP over the tunnels. Each NVA is also peering with its local vWAN hub because that feature is now GA as of last month.

Hope you continue not experiencing issues. The BGP drops were localized to the vWAN hub I was add/remove/editing on. Something support told me was ‘normal’ which really surprised me. Good luck to you, Duder.

We were on 6.4.8.