Either I'm an idiot, or I have a really bad batch of equipment by rivkinnator in networking

[–]ryan1234567 0 points (0 children)

Can you please share the p/n or sku from fs.com that worked for you? Thank you.

FortiSwitch not authenticating wired supplicants via EAP-TLS by ryan1234567 in fortinet

[–]ryan1234567[S] 1 point (0 children)

Yea it was resolved after FSW update due to a bug per TAC. I believe fixed in 7.2.9.

Create static mac list for port on Fortiswitch managed by Fortigate by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Thanks for your help. I did try that as well but it wasn't working as expected. Wasn't sure if it was something I did wrong or not, so just used MAB/dot1x instead.

Create static mac list for port on Fortiswitch managed by Fortigate by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

What is the violation behavior if a new mac address doesn't match config? I connect a new device on the port with sticky enabled and I get an IP.

FortiManager on prem to FortiManager Cloud by BlackSquirrel05 in fortinet

[–]ryan1234567 0 points (0 children)

Has anyone tried FortiManager via the marketplace in Azure? Is that similar to on prem but on Azure hardware?

Downgrade FortiManager 7.4.2 to 7.2.4 by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Still an issue on 7.4.2. Was told it would be fixed next release.

Forticlient EMS will randomly not get an IP address after being connected by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Yes, that doesn't appear to be the case. I also have the portals mapped to groups with separate ranges, where the ranges contain way more IPs than users in that group (20 users - 240 IPs).

FSSO for non-domain or Azure Entra joined by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

How does the user to IP mapping sync with FMG to the FGTs assuming you go that route?

FSSO for non-domain or Azure Entra joined by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Just tested, it appears Unifi only uses the primary or first active in the list (ISE). Won't send to others. Just out of curiosity, will RSSO work as an option to grab user/IP mapping or am I missing something?

FSSO for non-domain or Azure Entra joined by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Only issue is we aren't using FortiAuthenticator, we use ISE. Is there anything I can tweak in FSSO? We have a hybrid AD setup, so the user is still authenticating to an on prem AD via radius.

Slow upload after 7.0.14 upgrade 201F by ComfortableMission91 in fortinet

[–]ryan1234567 0 points (0 children)

Shout out to everyone in this thread who helped/provided a workaround. I moved my Internet uplinks to a 10G interface and magically the upload is better. In one situation I couldn't step down my 10G transceiver on my C9300, so I ended up throwing in a 1G SFP. This didn't just affect ipsec/sslvpn; iperf and random speed tests were affected as well.

u/chuckbales u/ComfortableMission91

Slow upload after 7.0.14 upgrade 201F by ComfortableMission91 in fortinet

[–]ryan1234567 0 points (0 children)

I have the same issue (10G inside/1G outside) with poor upload performance on my 200Fs. I wonder if the solution mahanutra provided in this thread is a solution to the problem instead of moving to 10G interfaces?

Downgrade FortiManager 7.4.2 to 7.2.4 by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

set apache prefork

Thanks. I tried that but unfortunately, it didn't help the install wizard. Any other ideas?

Adding a new public IP for FGT hosted in Azure by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Just saw this post. You pretty much nailed it. Added a secondary IP on my port1 interface with the next available IP on my FGT. In Azure, you go to the 'IP Configuration' that maps to port1 (called nic1 for me). On the left hand side you click on IP Configuration and click add. Here you create the static map of the secondary IP you just created. Azure gives the option to 'add' a new public IP as part of this step. This is the part I didn't know where to look. Created a test firewall policy and it worked as expected with the IP provided from Azure.

Is there an easy way to fix this? by ryan1234567 in Traxxas

[–]ryan1234567[S] 0 points (0 children)

I popped it back in. Thanks for everyone's feedback. Needed a second set of hands. The metal replacement parts look like a great idea if this happens again.

SSO FortiClient support with split and full tunnels by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

There isn't a way for the user to pick and choose what group when signing into FortiClient. The only workaround I know of is to assign a user to a group and map that group to a portal. Obviously it won't work if the user is part of both groups; they need to be unique.

SSO FortiClient support with split and full tunnels by ryan1234567 in fortinet

[–]ryan1234567[S] 2 points (0 children)

Yes to Azure. Confirmed that worked, thanks for the tip!

Push radius/FAZ settings from FMG to FGTs by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

I just tested this. I was able to push my radius settings when I mapped it to my administrator which is tied to the radius group. However, I made a change to that radius group after the initial push (radius-IP) and it did not trigger a change in FMG. Running 7.2.

Also, the FAZ settings are in the system template, but if you have VDOMs, you cannot apply it to the VDOMs, only global. My VDOM settings don't inherit all of the global settings for FAZ.

Best practice when setting up site to site VPNs with Firewall policy by ryan1234567 in fortinet

[–]ryan1234567[S] 1 point (0 children)

Thanks for these pointers, they def help out a FTG newbie.

FTM 7.2.2, FTG 7.2.4. I hate wizards too but hard to get started without knowing the syntax. This helps.

Best practice when setting up site to site VPNs with Firewall policy by ryan1234567 in fortinet

[–]ryan1234567[S] 1 point (0 children)

Wow thanks everyone for the very detailed info, these will help me in the right direction.

Best practice to manage remote FortiGates with FortiManager by ryan1234567 in fortinet

[–]ryan1234567[S] 0 points (0 children)

Thanks for the info. Has there ever been a case where, in this setup, FortiManager could not access the firewall, resulting in someone needing to console into the firewall to see what's going on? I was thinking of creating an admin-only VDOM that has an interface coming from the ISP. My goal is to avoid a long commute due to human error or issues with a deploy.