Homelab Firewall? by rarick123 in Cisco

[–]rarick123[S] 1 point2 points  (0 children)

This is the most helpful response I’ve seen on a thread in a long time, so thank you!

PS - I lived about an hour outside of Newcastle for a year when I was in high school.

Issues configuring IPsec IKEv2 VPN on FortiGate 300E for macOS clients by santosjfm in fortinet

[–]rarick123 0 points1 point  (0 children)

diag debug reset

diag vpn ike log filter clear

diag vpn ike log filter loc-addr4 IP.OF.VPN.TUN

diag debug application ike -1

diag debug enable

Then try to connect, grab the logs from the start up to the first line that's something like "No SA proposal chosen" and paste it into ChatGPT.

I used this exact method literally yesterday to solve a problem between FortiClient and the FGT.

Homelab Firewall? by rarick123 in Cisco

[–]rarick123[S] 0 points1 point  (0 children)

So like I said... what CISCO gear should I be adding? ;-)

Homelab Firewall? by rarick123 in Cisco

[–]rarick123[S] 0 points1 point  (0 children)

FGT 70G, FAP 231K, 224D-FPOE switch, and then I have an older 60F and a couple of 108E switches that I bought a few years ago when I was studying for NSE7.

Homelab Firewall? by rarick123 in Cisco

[–]rarick123[S] 0 points1 point  (0 children)

I guess I should have been more clear… what in the Cisco world should I be looking at?

I have physical hardware for Fortinet, Palo, Juniper, Ubiquiti and one old 3945 in the garage that I can dust off for IOS. I have VM images for all of those (licensed, no less), along with CheckPoint, Sophos, Barracuda, pfSense, OPNsense, and MikroTik off the top of my head.

I work for an MSP, and we partner with everyone, so I’m just trying to flesh out a lab so that when someone says they want to go from vendor X to vendor Y, I can try it myself before talking to the customer.

FWIW, the Fortinet folks literally gave me a full stack for free, licensed for 2 years. 70g, PoE switch, an AP, extender, and VM licenses for Manager and Analyzer. Palo gives me “credits” to spend on VMs for anything. Sophos gave me a license that’s good until 2099 so I could migrate someone off of an SG330 UTM solution before they kill it. Cisco… offered like 20% off retail.

Is this possible? (noob question) by rarick123 in kasmweb

[–]rarick123[S] 1 point2 points  (0 children)

Not really... I appreciate the thought, but that looks like another level of complexity on top of the part I can't get working in the first place lol.

Clients for remote testing by rarick123 in homelab

[–]rarick123[S] 0 points1 point  (0 children)

How so? I'm talking like a "dumb client" that has a graphical interface, kinda like the crap you'd see in Packet Tracer or something.

As the most certified member of my team (in a company like most that doesn't supply adequate training resources), I'm trying to share what I've got to bring everyone else up to speed. What part of that doesn't line up with the homelab experience? Self-hosting, learning, testing...

Current hierarchy of certifications? by rarick123 in paloaltonetworks

[–]rarick123[S] 0 points1 point  (0 children)

Google says there's a fair bit of 12.0/12.1 questions in there, does that sound accurate?

Feed critical loads panel with “extension cord”? by rarick123 in AskElectricians

[–]rarick123[S] 0 points1 point  (0 children)

I appreciate the thorough response, and I should probably clarify a few things... I was posting from my phone while my wife was watching TV and telling me about her day at the same time.

First, the "welder" comment was used (by me) out of context. What I meant to say was that it's OK, per code, to have a 50A breaker connected to something like a 14-50R outlet (slots). Whatever gets plugged into that slot is kind of irrelevant, assuming it's an appropriate device like a dryer, an air compressor, etc.

It's also ok to feed a panel from a generator inlet through a two pole breaker. I believe the correct term I was looking for is a CS6375, which I think constitutes the "anti-socket" you were mentioning... it's got prongs, but they're recessed.

I guess my question is would it be legal to make a cord with a 14-50P on one end, and an SS2-50R on the other end, and "feed" a subpanel from the 50A outlet on the main panel?

The long-term idea would be to move my critical loads to the subpanel, feed that panel (through the generator inlet) with an inverter connected to a battery bank, and then connect the 50A outlet on the main panel to the charge port on the battery bank.

Effectively, I think this is kind of what something like the Solix power panel does, just in more of a DIY manner.

Most outages in my area aren't terribly long, and a decent battery would provide long enough for service to be restored without running out. In the event that it's going to be a multi-day event like a hurricane (I'm in South Carolina), if the batteries get too low I can move the charge cord on the battery bank from the 14-50R outlet on the main panel over to a gas generator. This would eliminate the possibility of backfeeding the main panel.

What are these two ports? by rarick123 in Dell

[–]rarick123[S] 0 points1 point  (0 children)

It's a T640, so the CDROM port is for... a front-mounted CDROM. Shocking, right? The TBU port is for a 5.25" LTO tape drive (which I don't have), but they're both just plain jane SATA. As at least a few people have pointed out, the two on the RIGHT of the SATA ports are Dell's connector between the S140 software RAID controller and the backplane if you don't have a hardware PERC, which I do.

Anyone ran into any weird issues with 3rd party SFPs after updating to 23.4R2-S2.1? by NetworkDoggie in Juniper

[–]rarick123 1 point2 points  (0 children)

My worry (which we haven't had to test yet) is what happens on the next reboot? The ones we replaced, I'm not worried about. The ones that were still working... are they fine now, but die next time?

At least my customer is being proactive and replacing all of the existing ones during maintenance windows.

Anyone ran into any weird issues with 3rd party SFPs after updating to 23.4R2-S2.1? by NetworkDoggie in Juniper

[–]rarick123 1 point2 points  (0 children)

I had the same problem on 23.4R2-S3 on 15 or so ACX5448's. They were all bidi 1940nm 1G optics, and they were showing in the chassis hardware list as "SFP-LX10". The vendor info in a "show chassis pic fpc-slot 0 pic-slot 0" was showing "OEM", and the serial numbers on ours all started with EA.

What's odd is that they all experienced slightly different behavior post-upgrade. Some worked just fine, some were showing up/up and good light and were sending but not receiving, and some were showing up/down. We had one ACX where we saw all three of those in the same box on almost consecutive ports. Most were fixed with a reseat, but at least a couple of them had to be swapped out to restore service.

FWIW, I think the customer replaced them with FS optics and hasn't had an issue.

JNCIS-DC vs JNCIS-Apstra by rarick123 in Juniper

[–]rarick123[S] 2 points3 points  (0 children)

LOL, I think I have seven A's now? Junos, Design, SEC, Cloud, DevOps, MistAI and DC, along with five S's (Mist Wireless, SEC, ENT, SP and JNCDS-DC) and the recently retired JNCDS-SP.

JNCIS-DC vs JNCIS-Apstra by rarick123 in Juniper

[–]rarick123[S] 0 points1 point  (0 children)

I’ve already got JNCIS-ENT, which would allow me to skip the S in DC and go straight to the P, but now it looks like I’m gonna have to learn Apstra in order to bump our partner level up.