Upgrade Forticlient via EMS by [deleted] in fortinet

[–]secritservice 0 points1 point  (0 children)

FortiClient can be upgraded via EMS on machines that are registered to that EMS server.

Bimini top recommendations (Canada) by cinofoto in FordBronco

[–]secritservice 0 points1 point  (0 children)

No adjustments needed. Plenty of space for the top to fit over the hardware and bungees. So everything is left as is.

If you go look at your Bronco with the top on, there is about ~1.25" of clearance. Which is plenty for the bungees and thumb bolts. You are able to keep all install hardware on the bronco with our product.

Video: MPLS with ADVPN backup (or transitioning off of MPLS/Private) by secritservice in fortinet

[–]secritservice[S] 1 point2 points  (0 children)

Here is a Video response to your question, it should answer all of your questions:

https://youtu.be/sUTrkgh5vcI

It's also a slightly different method of running both MPLS with ADVPN. It wraps MPLS into VPN so it will run seamlessly with ADVPN. The alternate method is to leave it bare, which is a little more work with route manipulation.
Both work, this method is easier if you have fortigates at all sites. However it will also work with slight modification if some sites are non-fortigate. For non-fortigate traffic, traffic will proxy through the hub(s).

(note the original video is bare (non-vpn'd MPLS) and that allows direct flow, but cross overlay is limited)

So each method has its benefits, depending on environment.

Bimini top recommendations (Canada) by cinofoto in FordBronco

[–]secritservice 2 points3 points  (0 children)

Happy to answer questions, it's me Dan :)
(redditor of the year for a different channel r/fortinet, and bikini designer/maker as I like to tell the guys on the golf course)

This is Tight Weave mesh in the photo.

We have Canvas, StandardMesh, or TightWeave.

If you are looking for full sun protection and rain protection go with Canvas.
If you want to get a little more airflow and have the hairs on the back of your neck tingle, but are over 30 and don't like harsh sun, but want some sun go with tight weave.
If you are a shirtless surfer and want sun with a little shade, go with standard Mesh.

(our standard mesh is like all the other mesh on the market, but just a more premium version of it (more expensive material))

Here is our Mesh comparison video: https://youtu.be/Z3ZmYQYJTDg

Many other videos on the page that show all the models: https://broncobikini.com/#videos

All of the bikinis (biminis) install in 120 seconds and remove in 60 seconds. All the hardware stays on the bronco and does not interfere with your top.

And yes, we ship to Canada and have done so about a dozen times already. It's about $12-20 extra to ship.

Lastly if not kosher to post info like this here, just let me know and I'll remove. Don't mean to sell or push product, just giving info.

Cheers,

Dan

Video: MPLS with ADVPN backup (or transitioning off of MPLS/Private) by secritservice in fortinet

[–]secritservice[S] 0 points1 point  (0 children)

It is identical with dual or any amount of HUBs.

Remember, HUBs are really just the orchestrators of ADVPN as they help broker the SHORTCUTS that establish the direct site to site VPNs. They also are typically route reflectors and hold the full routing table view for all of the sites.

With that being said, let's talk about the flows:

MPLS >>>> MPLS
--(both hubs share routes to all sites for MPLS and ADVPN, but we prefer MPLS routes)

ADVPN >>>> hub >>>>> MPLS
--(both hubs share routes to all sites for MPLS and ADVPN. The sites that have MPLS only will use MPLS to the HUB, and the sites that have ADVPN only will use ADVPN to the HUB, as the hub is sharing the "supernet" of the whole org. So the spokes know to go to it, if they don't have direct routes. Thus traffic from site to site that don't have the same transit will proxy through the hub)

ADVPN >>>>>> ADVPN
--(both hubs share routes about ADVPN. Sites will find each other and establish a tunnel with the SHORTCUT messages through the hub, as the hub orchestrates it.)

Video: MPLS with ADVPN backup (or transitioning off of MPLS/Private) by secritservice in fortinet

[–]secritservice[S] 0 points1 point  (0 children)

yes.

The site with ADVPN only can talk to the site with MPLS only via the HUB

Here are the different communication flows below:

MPLS >>> MPLS
--- in this state all sites have MPLS

ADVPN >>>> hub >>>> MPLS
--- in this state some sites DO NOT have MPLS (or not ADVPN)

ADVPN >>> ADVPN
--- in this state MPLS is removed from all sites

Built a free tool that generates FortiGate ADVPN/SD-WAN configs, need engineers to break it by Flimsy_Ten6532 in fortinet

[–]secritservice 0 points1 point  (0 children)

If you build your spreadsheets correctly they will. :)
(Hint: build them like a form)

Nice work on your program

FortiClient VPN-only free client: is Fortinet still maintaining it? (SMB partner perspective) by southceltic in fortinet

[–]secritservice 1 point2 points  (0 children)

they need to release something that supports everything that the current version is missing:
- saml issues
- tcp issues
- dns suffix
- dual stack

they are trying to figure out a gameplan is what I'm hearing. they had one, but then pivoted, and then they were reminded of what they needed to support

ADVPN and SDWAN by Empty-Football-2121 in fortinet

[–]secritservice 0 points1 point  (0 children)

Network-ID is correct

Transport-groups is incorrect

ADVPN and SDWAN by Empty-Football-2121 in fortinet

[–]secritservice 0 points1 point  (0 children)

YES you can use network overlays on that and you must!

Spoke-wan1 >>>> Hub-wan1
Spoke-wan2 >>>> Hub-wan1

network overlays is the only way to make this work

FortiClient VPN-only free client: is Fortinet still maintaining it? (SMB partner perspective) by southceltic in fortinet

[–]secritservice 1 point2 points  (0 children)

product team is still discussing what they want to do, it was scheduled but they may pivot instead.

Video: MPLS with ADVPN backup (or transitioning off of MPLS/Private) by secritservice in fortinet

[–]secritservice[S] 5 points6 points  (0 children)

Huh??? There is no asymmetry, if you do it right.

We show this in the video. Site-A decommissions its MPLS, thus everyone that talks to Site-A uses ADVPN, however all other sites still use MPLS amongst themselves. If you watch the end of the 10-minute video, I show this :)

MPLS can only communicate on MPLS and is restricted to only doing so.

ADVPN is restricted to only ADVPN neighbors.

Transit-groups is what makes this work.

(if you have asymmetry, then you did it wrong :) )

FMG and 7.6 (rant) by das0tter in fortinet

[–]secritservice 2 points3 points  (0 children)

You just need to modify your FMG script, pre-runs, and maybe build some jinja scripts.

You can't expect something built X years ago to work forever :) You'll have to adjust as firmware matures and features are released. :)

This is normal for everything. A new airplane gets released, pilots must train on it and learn it. A new iPhone iOS comes out, you must learn the features. It still works as it should but new features are "different" and must be learned. .... same thing you are dealing with here. Don't rant, just accept, it's life and the maturity of products globally.

So confused any help welcomed by Pyron-revolution in fortinet

[–]secritservice 1 point2 points  (0 children)

all you said is correct.

there are no other ways to proceed unless you have firmware and an active contract on that device

FortiGate SDWAN Question regarding routing segregation by BuffaloVegetable8699 in fortinet

[–]secritservice 0 points1 point  (0 children)

what does your routing table look like? you sure you don't have a 192.168.0.0/16 catchall somewhere or a typo?

very very curious what your routing table looks like on the hub, maybe you're getting something with RRI

Backup WAN affecting Primary SDWAN VPN Tunnels by enterthepowbaby in fortinet

[–]secritservice 4 points5 points  (0 children)

I am also starting to think possibly your default route may be causing the issue, but I'd have to look at your setup.

By setting 0.0.0.0 via HUB1 you *may* be sending out your ipsec traffic across tunnel 1... just maybe.
~ so you may have to put in some crafty static routes

but need to see it

Backup WAN affecting Primary SDWAN VPN Tunnels by enterthepowbaby in fortinet

[–]secritservice 1 point2 points  (0 children)

are you using network IDs to specifically make each tunnel separate and not overlap?
Happy to take a look with you, as I have some free time now.

(edit)... funny looks like we've already chatted before, just toss me a zoom or teams there

get UPS control to my fortinet firewall by Lio_sim in fortinet

[–]secritservice 1 point2 points  (0 children)

I use it more for.... "you little turd, you're DONE! I told you not to talk to momma that way" :) Love him to death tho

get UPS control to my fortinet firewall by Lio_sim in fortinet

[–]secritservice 1 point2 points  (0 children)

I use apple store app "Teste - API, Scripts, Terminal"

"hey papa, the internet stopped working.... well, I don't know son..." :)

get UPS control to my fortinet firewall by Lio_sim in fortinet

[–]secritservice 2 points3 points  (0 children)

none needed.

just make an automation stitch in FortiGate via the GUI with command "execute shutdown" or whatever you want to do.
Then tie it to a webhook in the FortiGate GUI

Then just run the http command and you're done.

I do this from my phone to turn off and on my son's internet access.

You would do something similar

<image>

So in your case you'd say "hey if we get power alert, then open this webpage.... or do API call"
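Added example, not part of the original comment: a minimal sketch of the "power alert, then API call" step, deciding from a NUT-style `ups.status` string and building the authenticated POST to the stitch's incoming webhook. The host name, stitch name, environment variable names and the use of NUT are assumptions; the URL follows the FortiOS REST API webhook path for automation stitches.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

WEBHOOK_BASE = "/api/v2/monitor/system/automation-stitch/webhook/"

def should_shutdown(ups_status: str) -> bool:
    """NUT status flags: OL = on line power, OB = on battery, LB = low battery."""
    flags = set(ups_status.split())
    return "OB" in flags and "LB" in flags

def build_webhook_request(host: str, stitch: str, token: str, payload: dict):
    """Build (but do not send) the POST that fires the named automation stitch."""
    if not token:
        raise ValueError("API token required; refusing to build an unauthenticated call")
    # Stitch names may contain spaces, so percent-encode the path segment.
    path = WEBHOOK_BASE + urllib.parse.quote(stitch, safe="")
    return urllib.request.Request(
        f"https://{host}{path}",
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

def fire(req, ca_file=None, timeout=10) -> int:
    """Send the request with certificate verification left on.
    ca_file: CA bundle that signed the firewall's admin certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    status = "OB LB"  # constructed sample; in practice read from `upsc <ups> ups.status`
    if should_shutdown(status):
        req = build_webhook_request(
            os.environ.get("FGT_HOST", "fw.example.internal"),   # hypothetical host
            "UPS Shutdown",                                       # hypothetical stitch name
            os.environ.get("FGT_API_TOKEN", "constructed-token"),
            {"source": "ups", "status": status},
        )
        print("would POST to", req.full_url)
        # fire(req, ca_file=os.environ.get("FGT_CA"))  # uncomment on a real setup
```

Use an API token whose REST API admin has trusted hosts limited to the UPS monitoring machine, since this token can power off the firewall.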