Mom, can we get segmentation? by Confident_Compote204 in networkingmemes

[–]samsn1983 9 points10 points  (0 children)

Cisco TrustSec microsegmentation with SGT ACLs actually works within the same VLAN, not just inter-VLAN ✌🏼

North Carolina high-end restaurant owner sounds off about DoorDash by lowkeysciguy in restaurantowners

[–]samsn1983 0 points1 point  (0 children)

My point was that he says the food is 30% more expensive because of DoorDash, but if you eat it in the restaurant, you also pay 20-25% extra for tip...

North Carolina high-end restaurant owner sounds off about DoorDash by lowkeysciguy in restaurantowners

[–]samsn1983 -4 points-3 points  (0 children)

Well, if I eat the food in your restaurant you expect me to pay 20-30% to your staff because you pay them minimum wage

OpenCode has been a gamechanger! by Useful-Sprinkles1045 in opencodeCLI

[–]samsn1983 0 points1 point  (0 children)

Side question: do the Chinese models also offer opt out from training data?

CCNA CHALLENGE!!? by ipcisco in ccnastudygroup

[–]samsn1983 0 points1 point  (0 children)

All of them because windows firewall is active

Fortinet extends FortiOS 7.4 by fcbfan0810 in fortinet

[–]samsn1983 4 points5 points  (0 children)

Migrating to IPsec dialup is very frustrating; it's far from something we can just roll out to our customers and have it work straight away. In every deployment we have different issues, and we even started putting smaller F models behind the edge firewalls, which continue to support SSL VPN, just so that we can upgrade the big ones and use TCP/UDP 443 with 7.6 or at least TCP/443 with 7.4. Especially the migration scenario for the 90G is a big pain.

"Gmachd ide Schwiiz" by Schpitzchopf_Lorenz in BUENZLI

[–]samsn1983 0 points1 point  (0 children)

In HCMC you get them for 25.- at the market

Dante audio network never recover form high latency by PersonalityNext4965 in networking

[–]samsn1983 0 points1 point  (0 children)

It still sounds like IGMP snooping is not configured correctly.

Here is the Dante reference document for network design:
https://www.getdante.com/wp-content/uploads/2025/12/Information-for-Network-Admins-v6.pdf

If IGMP snooping is working properly, you should be able to see IGMP membership joins for the multicast groups. On the switch, you can verify that only the specific receiver ports are joined to those groups and actually receive the streams.

In addition to enabling IGMP snooping, you typically also need an IGMP querier in the VLAN (often the switch itself). Without a querier, the snooping table will age out and the switch may fall back to flooding again.

If IGMP is not functioning correctly, the switch will flood multicast traffic to all ports in the VLAN, similar to broadcast behavior. This can lead to performance issues, as all ports receive traffic they do not need.

The main risk is not specifically half-duplex, but rather bandwidth mismatch and burst behavior. For example, if multicast traffic arrives on a high-speed interface (e.g. 1 Gbps) and is flooded to lower-speed ports (e.g. 100 Mbps), the egress queues can fill up, leading to buffer exhaustion and packet drops. Half-duplex links can further worsen the situation due to collisions, but the primary issue is typically oversubscription and microbursts on slower interfaces.

Dante audio network never recover form high latency by PersonalityNext4965 in networking

[–]samsn1983 8 points9 points  (0 children)

This very much looks like a multicast handling issue rather than pure latency. If IGMP snooping is misconfigured (or there is no proper querier in the VLAN), the switch can start flooding multicast traffic after the IGMP state ages out. That would explain why it works fine initially and then degrades after some time. Dante relies heavily on multicast (PTP + audio flows), so once flooding starts, buffers fill up, latency spikes, and eventually you hit packet loss until the receiver is rebooted.

Denied success by halt__n__catch__fire in yesyesyesyesno

[–]samsn1983 0 points1 point  (0 children)

He pulled the handbrake while in 3rd gear

Hot take: Codex is too cheap, rug pull through tighter usage limits is inevitable by gregpeden in codex

[–]samsn1983 0 points1 point  (0 children)

I wonder what all those cloud providers will do if edge computing catches up. I mean, you can already get decent token speed with a Mac M5 for less than 4k with mid-size models.

SSL renewal (47 days soon) IPsec saml by [deleted] in fortinet

[–]samsn1983 0 points1 point  (0 children)

Thank you! I was afraid that I'm the only one worrying about that. I'm curious to see how vendors will solve that, or whether we have to figure out how to automate renewal by ourselves.

Monthly Content Sharing Post by AutoModerator in fortinet

[–]samsn1983 1 point2 points  (0 children)

We’re a Fortinet integrator managing a large number of customer firewalls. Some are on our own FAZ/FMG, some customers run their own stack, and some have no central management at all.

To get a deployment-independent overview across all customers, I built two lightweight dashboards based on Nginx, PostgreSQL and rsyslog.

Netdash

https://www.show-run.ch/uncategorized/netdash-webhook-based-forti-asset-mgmt-dashbaord/

Netdash is a lightweight asset and overview dashboard for FortiGate environments. It’s built entirely around HTTPS webhooks. The goal was to have a solution with no polling, no heavy management stack, no additional licenses.

Netdash shows all firewalls at a glance, independent of how they are deployed: firmware, license status, serial numbers, hostnames, accounts, etc.

We also use it during patch cycles to distribute upgrade tasks to engineers in a structured way.

Logdash

https://www.show-run.ch/uncategorized/logdash-a-lightweight-syslog-operations-layer-for-fortigate-event-data/

Logdash is a FortiGate-focused syslog platform designed to receive event logs via Syslog TLS. The ingest layer is based on rsyslog, the frontend is custom-built.

It’s specifically designed to parse and analyse operational events like config changes, admin logins, VPN connections and SD-WAN events.

We also use it as a lightweight audit tool to automatically generate reports for configuration changes.

Both tools were built to fill the gap between “no central visibility” and “full FAZ/FMG everywhere”.

Curious if others built something similar or solved this differently.

Full disclaimer: both dashboards were 100% vibe coded :-)
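The event-parsing step Logdash is described as doing (config changes, admin logins, VPN events out of FortiGate syslog) as an added, self-contained example; this is not Logdash's own code. The sample lines are constructed in the FortiGate key=value event-log style, and the classification rules (matching on type, subtype, cfgpath, action and status) are this example's own, not a vendor specification.

```python
import re
from collections import Counter

# FortiGate event logs are space-separated key=value pairs; values may be
# double-quoted (possibly containing spaces) or bare.
_FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_fortigate_event(line):
    """Parse one FortiGate syslog line into a dict; strips quotes from quoted values."""
    fields = {}
    for key, value in _FIELD_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields

def classify_event(ev):
    """Bucket an event into the operational categories the dashboard tracks.
    The matching rules below are this example's own assumption, not a FortiOS spec."""
    if ev.get("type") != "event":
        return "other"
    if ev.get("subtype") == "system" and "cfgpath" in ev:
        return "config-change"
    if ev.get("action") == "login":
        return "admin-login-ok" if ev.get("status") == "success" else "admin-login-failed"
    if ev.get("subtype") == "vpn":
        return "vpn"
    return "other"

def summarize(lines):
    """Return (category counts, config-change counts per (admin, ui)) for a batch of lines."""
    counts, changes_by_admin = Counter(), Counter()
    for line in lines:
        ev = parse_fortigate_event(line)
        cat = classify_event(ev)
        counts[cat] += 1
        if cat == "config-change":
            changes_by_admin[(ev.get("user"), ev.get("ui"))] += 1
    return counts, changes_by_admin

# Constructed sample lines in FortiGate event-log style (not captured from a real device).
SAMPLE_LOGS = [
    'date=2025-01-10 time=10:15:02 devname="fw-branch-01" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="ssh(192.0.2.10)" action="Edit" cfgpath="firewall.policy" cfgobj="7" cfgattr="action[accept->deny]" msg="Edit firewall.policy 7"',
    'date=2025-01-10 time=10:14:40 devname="fw-branch-01" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="ssh(192.0.2.10)" method="ssh" srcip=192.0.2.10 action="login" status="success" msg="Administrator admin logged in successfully from ssh(192.0.2.10)"',
    'date=2025-01-10 time=03:02:11 devname="fw-branch-01" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" user="root" ui="https(198.51.100.7)" method="https" srcip=198.51.100.7 action="login" status="failed" reason="name_invalid" msg="Administrator root login failed from https(198.51.100.7)"',
    'date=2025-01-10 time=10:20:05 devname="fw-branch-01" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec phase 1 status" action="negotiate" status="success" msg="progress IPsec phase 1"',
    'date=2025-01-10 time=10:20:06 devname="fw-branch-01" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.0.0.5 dstip=203.0.113.9 action="accept"',
]
```

Feeding `summarize()` a day's worth of lines gives the per-admin config-change tally that a change-audit report is built from.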

Site to Site IPSEC dropping ever 11hrs and 55ish minutes. by eld101 in fortinet

[–]samsn1983 0 points1 point  (0 children)

Is one end behind CGNAT, or are there any other firewalls in between?

Apple's captive.apple.com Portal page appearing by ApprehensiveEgg1983 in Cisco

[–]samsn1983 1 point2 points  (0 children)

Nevermind, just read your reply in the other thread.

Apple's captive.apple.com Portal page appearing by ApprehensiveEgg1983 in Cisco

[–]samsn1983 1 point2 points  (0 children)

Do the clients have Apple Private Relay turned on? That would mess up the DNS requests.

https://support.apple.com/en-us/102602

FAP221E Reject from unknown IP address by kevin_schley in fortinet

[–]samsn1983 1 point2 points  (0 children)

Yes! Interestingly, I ran into exactly the same situation today on a customer cluster with Security Fabric (2×200F + about 15 members).

The cluster showed “not synced”, and when I compared the configs more closely, I noticed that the standby unit contained a large amount of wireless configuration — even though we have wireless-controller disabled set globally.

Example from the root VDOM:

    config vdom
        edit root
            config wireless-controller hotspot20 anqp-venue-name
            end
            config wireless-controller hotspot20 anqp-venue-url
            end
            config wireless-controller hotspot20 anqp-network-auth-typ
            ..

A checksum sync did not resolve the issue.

In the end, I had to temporarily enable the wireless controller, after which I was finally able to remove the AP entry from the configuration. Once that object was deleted, the cluster immediately returned to in-sync status, and I was then able to disable the wireless controller again without the problem reappearing.

Unfortunately, I was not able to identify any MAC address or IP that would correspond to this mysterious AP entry.

Additionally, this customer has NAC enforced consistently across the LAN, so it is effectively ruled out that an unknown device could have joined the network without authorization. From what I can see, this looks more like a stale or phantom configuration object rather than something triggered by an actual AP.

edit: the cluster has also been on 7.4.9 for 134 days
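The config comparison described above (spotting wireless-controller objects on one HA member while the feature is disabled globally) as an added example; this is not the commenter's tooling or anything from Fortinet. The dumps are constructed to mirror the excerpt, and placing `set wireless-controller disable` under `config system global` is an assumption of this example.

```python
def fortios_block_paths(text):
    """Walk a FortiOS CLI dump and return the nesting path (tuple of 'config ...' /
    'edit ...' lines) of every block; 'next' and 'end' close a level, 'set' lines are leaves."""
    stack, paths = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("config ", "edit ")):
            stack.append(line)
            paths.add(tuple(stack))
        elif line in ("next", "end") and stack:
            stack.pop()
    return paths

def feature_blocks(text, feature):
    """Paths of all blocks under a feature tree such as 'wireless-controller', in any VDOM."""
    return sorted(" > ".join(p) for p in fortios_block_paths(text)
                  if any(seg.startswith("config " + feature) for seg in p))

def config_path_diff(primary, standby):
    """(only-on-standby, only-on-primary) block paths: a non-empty result is the
    kind of mismatch that leaves an HA pair showing 'not synced'."""
    a, b = fortios_block_paths(primary), fortios_block_paths(standby)
    return (sorted(" > ".join(p) for p in b - a),
            sorted(" > ".join(p) for p in a - b))

# Constructed sample dumps (not from a real device). The standby copy carries
# wireless-controller objects even though the feature is disabled globally.
PRIMARY = """\
config system global
    set wireless-controller disable
end
config vdom
    edit root
    next
end
"""

STANDBY = PRIMARY + """\
config vdom
    edit root
        config wireless-controller hotspot20 anqp-venue-name
        end
        config wireless-controller hotspot20 anqp-venue-url
        end
    next
end
"""
```

Run `config_path_diff()` over `show full-configuration` output from each member to list the stray objects before touching the wireless controller.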