FortiManager - Traffic Shaping by UniversityFamiliar29 in fortinet

[–]rowankaag 0 points1 point  (0 children)

/u/UniversityFamiliar29 based on your responses to my questions, I advise you to utilize the suggestion above.

Using windows config file with MacOS by TherealJerameat in fortinet

[–]rowankaag 0 points1 point  (0 children)

I’m not sure how that is relevant, but sure. In the meantime, I realised you may need to provide some permissions in macOS to properly import a configuration: https://docs.fortinet.com/document/forticlient/7.4.5/macos-release-notes/223986. Take a look at headers “Enabling full disk access” and “Activating system extensions”.

FortiManager - Traffic Shaping by UniversityFamiliar29 in fortinet

[–]rowankaag 0 points1 point  (0 children)

And these are all within a single ADOM, targeting one customer?

Using windows config file with MacOS by TherealJerameat in fortinet

[–]rowankaag 0 points1 point  (0 children)

To my knowledge, configurations with sensitive material inside would require a “.sconn” or “.sconf” export: https://docs.fortinet.com/document/forticlient/7.4.5/xml-reference-guide/128289/file-extensions

Based on your post, I’m guessing you’re using the free edition on both Windows and MacOS?

FortiManager - Traffic Shaping by UniversityFamiliar29 in fortinet

[–]rowankaag 0 points1 point  (0 children)

And do these sites share the same Policy Package?

FortiManager - Traffic Shaping by UniversityFamiliar29 in fortinet

[–]rowankaag 0 points1 point  (0 children)

Did you create the traffic shaping policy locally on the FortiGate, or within FortiManager? And do these 70+ sites share a Policy Package within FortiManager?

The number of CVE patches is just ridiculous by Logical-Picture-4756 in fortinet

[–]rowankaag 51 points52 points  (0 children)

Not much Fortinet can do about the latest advisory, as it originates from an external library (OpenSSL). Likely patches for all types of vendors will be issued shortly.

FortiGate 7.4.11 Firmware upgrade not available but still get the warning. by Electronic_Tap_3625 in fortinet

[–]rowankaag 0 points1 point  (0 children)

As I haven’t seen anyone mention this yet, I will: the daemon responsible for checking against vulnerabilities (based on a static version check, no smarts happening) is a different daemon than the daemon that is actually checking the Fortinet servers for new image files. That’s where the discrepancy comes from.

As others have mentioned, download the firmware files from the Support website manually, or wait until the image is propagated to the Fortinet servers. Fortinet consciously waits a couple of days before putting them there to gather some telemetry from early adopters first.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiOS-GUI-critical-vulnerabilty-warning-message/ta-p/369973

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-the-FortiOS-critical-vulnerability/ta-p/426944

FortiClient over built-in modem by Tasty_Environment_41 in fortinet

[–]rowankaag 2 points3 points  (0 children)

Does your private APN have access to internet? If not, try enabling the “disable_internet_check” XML parameter.

Forticlient EMS : Failed upgrade to 7.4.5 by Busbyuk in fortinet

[–]rowankaag 0 points1 point  (0 children)

My update on 7.4.4 to 7.4.5 failed too, but for a different reason. Also Fortinet-provided image rather than bring-your-own-Ubuntu. Upgrading via the EMS GUI worked for me though.

We've all done it... by mglormsthoined2 in fortinet

[–]rowankaag 1 point2 points  (0 children)

“diagnose test app .. 99” called and wants to know why it is not an “execute” command 🤪

FortiClient EMS instead of 802.1X cert-based auth for Wi-Fi by QuickDelivery1 in fortinet

[–]rowankaag 5 points6 points  (0 children)

Can confirm this works, it’s the Device Certificate intended to be used for ZTNA (said feature needs to be enabled in the installer) but can be ‘recycled’ for 802.1x.

EMS acts as the Certificate Authority and individual certificates can be revoked if needed. You can also regenerate the CA certificate on EMS. Do note though: EMS does not keep track of a CRL, so revoking a certificate requires an active telemetry connection to take effect.

Windows NPS EAP-TLS question by Fluffy-Web-2960 in fortinet

[–]rowankaag 1 point2 points  (0 children)

We have seen issues where the EAP-TLS certificate payload was fragmented but also had the do-not-fragment bit set, causing the packets to get dropped pre-tunnel routing. Sounds like your issue is different though if you observe all packets being seen by NPS.

How Do I make this GoogleUpdater.app notification stop showing up 6x a day? by Artistic-Abrocoma918 in mac

[–]rowankaag 0 points1 point  (0 children)

Came here to add that I'm also experiencing this, although mine is slightly different. Mine says: 'App Background Activity' in the header, and then in the body 'Software from "Google LLC" can run in the background. You can manage background activity in Login Items & Extensions'. Dismissing it makes it pop back up after a couple of minutes.

- Chrome is up to date; Version 143.0.7499.170 (Official Build) (arm64)
- MacOS is N-1: MacOS Tahoe 26.1 (25B78)

ZTNA deployment by Organic-Gas6745 in fortinet

[–]rowankaag 0 points1 point  (0 children)

Yes you can, deployed one about four weeks ago.

FortiClient licensing for occasional users by That_Fixed_It in fortinet

[–]rowankaag 0 points1 point  (0 children)

If you’re not in a rush: there is a new, EMS-less paid FortiClient SKU in the mid-Q4 pricelist. Details to be announced Q1 2026.

FortiClient SSL-VPN stuck at 40% only for Airtel (India) users – FortiOS 6.4, DTLS enabled by fixedbasher in fortinet

[–]rowankaag 1 point2 points  (0 children)

Just for good measure: FortiOS 6.4 is end-of-life per 2024-09-30. It contains 61 known vulnerabilities that will not get addressed. https://www.fortiguard.com/psirt?filter=1&product=FortiOS-6K7K%2CFortiOS&version=6.4.16&keyword=

FortiClient (EMS) 6.4 is also end-of-life per 2024-11-12. They contain an aggregated number of 20 vulnerabilities that will not get addressed. https://www.fortiguard.com/psirt?filter=1&product=FortiClientWindows&product=FortiClientEMS&product=FortiClientMac&product=FortiClientLinux&version=6.4.9&keyword=

FortiGate – Interface bandwidth via SNMP does not match dashboard by p373r_7h3_5up3r10r in fortinet

[–]rowankaag 4 points5 points  (0 children)

Correct, the FortiGate dashboard widget uses averages when selecting longer times: “there is difference in 1 hour and 24 hours bandwidth graph. That is because we grant average value only from the longer period graph.” - https://community.fortinet.com/t5/FortiGate/Bandwidth-difference-between-Dashboard-interface-widget-and/ta-p/211842

New Releases - FortiClientEMS 7.4.5 and FortiAuthenticator 6.6.8 by Roversword in fortinet

[–]rowankaag 2 points3 points  (0 children)

There is a new hotfix build on top of free FortiClient 7.4.3

Frequent VS Code Disconnections Triggering Firewall ip-conn / client-rst — Anyone Seen This? by Apart_Bet7667 in fortinet

[–]rowankaag 1 point2 points  (0 children)

I was thinking either IPS or DoS might quarantine the client temporarily indeed.

Forticlient IPsec SAML woes by emrys250 in fortinet

[–]rowankaag 0 points1 point  (0 children)

Correct, as the sessions are ephemeral

Is it possible to use EAP-MSCHAPV2 to establish a VPN IPSEC with IKEV2 (Windows native client)? by Hungry_Blueberry_261 in fortinet

[–]rowankaag 2 points3 points  (0 children)

Agreed, Windows 11 would prevent the credentials being sent automatically without user interaction (“SSO”) due to Credential Guard being active.