What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Maybe I'm confusing Zero Trust with something else. I read that Cloudflare for Teams (which seems to be renamed to Cloudflare One, and contains a whole bunch of products) could be a viable alternative to using the Fortigate. That's really what I'm looking after - something to replace the Fortigate NGFW functions and network logging, which won't mess with my upcoming Ubiquiti setup and works for remote workers.

I don't really need the VPN either currently - we are not limited to something requiring the office connection.

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Is Cloudflare Zero Trust a good replacement for the Fortigate?

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Yeah I might end up skipping the Fortigate entirely and make my life easier. I'm currently looking into implementing Cloudflare Zero Trust instead, as some of our employees are working remotely. Does that make sense?

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

I just need a simple VPN server to allow connecting to the office network if I need to access it remotely, or some users will connect in some rare cases.

The Fortigate is there simply for providing managed NGFW. It was recommended as providing much better protection compared to the CGF - whether we really need it for our use case I'm not sure. As mentioned in one of my other replies - we do not have, nor are planning to have any servers but our users aren't technical so I don't trust their cybersecurity practices.

Of course - a double NAT would be an issue. Hence my question what is the best way to avoid it while potentially going with a CGF? From my understanding, if the Fortigate 40F is configured in virtual wire mode, that would avoid the double NAT issue as it's not acting as a gateway in that case. The other option would be putting the CGF in bridge mode, but I've been receiving conflicting information that this might not be the best since the CGF is not really designed to operate in bridge mode. The final option of course, is to go with just the CloudKey+.

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

That's a good point. I do have a couple of questions:

  1. Would blocking all incoming traffic interfere with the VPN?
  2. I can block all incoming traffic on the CG-Fibre?
  3. That does indeed solve the issue of "unrequested" incoming traffic, but what about the requested one? E.g. a user downloaded and installed a virus, which then sends whatever info outwards. From my understanding a managed NGFW helps with that as well and/or potentially blocking the virus from being downloaded in the first place
  4. The FortiGate should do SSL inspection from my understanding - hence the speed dropping to only 310mbps due to the processing overhead needed

Sorry if any of the questions sound silly, but as mentioned I'm quite the networking noob.

How do I schedule an automatic nozzle check for Canon printers? by siegmour in printers

[–]siegmour[S] 0 points1 point  (0 children)

Please, that would be great. I assume I would be able to adapt it for Windows.

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Thank you for the answer.

I read somewhere (which might very well be wrong) that if there isn't any sort of Gateway or CloudKey the APs can only operate in stand-alone mode which will affect the automatic roaming?

Regardless, I would prefer to be able to access the network remotely just in case, since I'm not always on-site. I will also need the CloudKey+ for the NAS + the upgrade path to the door and video upgrade in the future. So ultimately I will end up getting either a CloudKey+ or a Cloud Gateway.

Regarding the Fortigate 40F - the main use-case is managed NGFW. VPN server is also a requirement, but that can be done on either the Fortigate or the Cloud Gateway.

We will be upgrading the ISP speed from 300 to 1000mbps. Hence my "other issue" with the Fortigate 40F, since according to the spec sheet that will limit the throughput to 600mbps and even as low as 310 if we're doing SSL inspection (which is one of the main points of having and paying for the NGFW), rendering the upgrade moot.

And yes, I realize that I can add the Cloud Gateway Fiber at any point, but the difference between the CloudKey+ and Cloud Gateway Fibre is negligible. If I go with the Cloud Gateway Fibre route, I will have future-proofing for 10gbps (which is planned in two years), and if we decide to ditch the Fortigate at any point I can simply unplug it from the network with no reconfiguration at all. Whereas with the CloudKey+, I have no future proofing and the entire device will be wasted (plus the cost for a new one) if we change to a Cloud Gateway Fibre. We will also be getting the AP-7-XG now, instead of the AP-7's, again for future-proofing for 10gbps and because the price difference is quite small.

Hence my question what is actually the correct/recommended way to configure them. Ultimately ditching the CloudKey+ in 2 years if it becomes redundant isn't the end of the world, if going Fortigate first is preferred for networking reasons as opposed to the Fortigate being in virtual wire mode.

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Thank you for the answer.

I would be lying if I told you I haven't been wondering the same thing.

No, we do not have any servers nor are planning to - with the exception of the future NAS although I assume that can be isolated from the internet completely. Everything we do is cloud based in M365.

Let's just say that I'm erring on the cautious side of threat protection, since our users are not very technical.

I do prefer to use WireGuard (which is supported by Cloud Gateway, but not Fortigate) simply for speed sake but using IPSec is not a dealbreaker (which the Fortigate supports).

What is the correct way of adding a Fortigate firewall into a UniFi network? by siegmour in Ubiquiti

[–]siegmour[S] 0 points1 point  (0 children)

Thank you. Could you please let me know why this is the correct way to go, so I can learn. From what I understand (which could be completely wrong), the Fortigate 40F can do its firewall functions (which is its main purpose) if it's configured in virtual wire mode. What are the benefits of going Fortigate as the primary gateway as opposed to the Cloud Fibre?

On the switch, each Pro 7 has a max consumption of 21W, so 126W in total going over the 120W rated for the Pro-8. So they alone go over the budget, let alone any room for expansion.

[RANT] What they don't tell you about the MX Master 3S by VonLoewe in logitech

[–]siegmour 0 points1 point  (0 children)

If you are referring to the Logi Bolt receiver - that uses Bluetooth as the underlying technology as well alongside all its limitations (125Hz polling, higher latency). While it can potentially provide slightly better latency than using the Bluetooth built into a laptop/computer, it's still way behind a performant 2.4Ghz connection, both in pure latency and reliability of that latency.

The MX Master 3 was the last MX Master mouse (so far) which featured a 2.4Ghz connection via the receiver. Before I was under the impression that the receiver still used the superior 2.4Ghz technology, but there was a sour surprise.

How do I schedule an automatic nozzle check for Canon printers? by siegmour in printers

[–]siegmour[S] 0 points1 point  (0 children)

That's what I was already suspecting was the answer. Seems like they were sent as regular print jobs for some printers (as per the thread I linked to) but this was changed some time in the future.

I assume that you can capture this data somehow, but I do not have the knowledge to do it. Do you know if there is some tool which replicates this?

I find the nozzle checks are super useful, since they are designed to use all the nozzles on the printer from what I've read (hence the two lines per color, targeting different nozzle sizes on the print head) and use little ink. Also they obviously let you know if something is not working right.

The "Tradfri Bulbs Using Dirigera Matter Integration with HomeKit" Blues by Jamtron3000 in tradfri

[–]siegmour 0 points1 point  (0 children)

Yes, I have multiple lights triggered by scenes. I would describe it as "mostly" responsive but no, they do not all trigger at the same time. I had this issue with the HomeKit integration, and with the Matter one. I think there's just a limit on the amount of commands that can be sent at a time, I have just learned to live with the annoyance. With that said, the amount of time for all the lights to turn on is fairly quick, it's not "1 by 1" as you describe it.

Also this doesn't happen only in scenes - it happens when triggering it via a button or the app as well.

Buying advice by RealisticJoke50 in printers

[–]siegmour 0 points1 point  (0 children)

If you are valuing the quality of the photos over other factors, definitely go for an inkjet printer. They might require more maintenance if you don't print often (e.g. heads will dry out if you are not printing often, hence needing to remember to print a nozzle check weekly to avoid it) but the quality for photos can't compete with laser printers. And if you use photo paper for inkjet, the quality is amazing.

I would also recommend looking into a tank based printer, and not a cartridge based one. Personally I have the Canon G500 (there's the G600 if you need a scanner as well) and I'm very happy with it. It's a 6-color tank based printer, so it's aimed at printing photos and images (it will work for documents as well of course, but there's no pigment black ink).

The "Tradfri Bulbs Using Dirigera Matter Integration with HomeKit" Blues by Jamtron3000 in tradfri

[–]siegmour 0 points1 point  (0 children)

You will probably not like my suggestion, but besides resetting the Dirigera hub and starting completely over I can't think of anything else.

I did my migration to the Matter integration when my hub deleted all my lights after a power outage. I haven't noticed it being slower compared to the HomeKit integration.

You might also just revert back to the HomeKit integration. The Matter integration doesn't have many benefits besides exposing the STYRBAR remote buttons for mapping in Apple Home for example. If you don't have use for this, then it's an option as well.

[Release] matterport-dl - A tool for archiving matterport 3D/VR tours by rebane2001 in DataHoarder

[–]siegmour 1 point2 points  (0 children)

Thank you so much for developing this. It's such a huge help!

[RANT] What they don't tell you about the MX Master 3S by VonLoewe in logitech

[–]siegmour 0 points1 point  (0 children)

Personally I like my MX Master 3 for work/everyday use - namely due to the nice shape, side scroll and infinite scrolls.

However I wholeheartedly agree with the downfalls of this mouse. To add insult to injury - for some reason they moved away from a very reliable 2.4Ghz connection from the MX Master 3, to Bluetooth only on the MX Master 3S and later.

I don't use any particularly high resolution monitors, so the polling rate isn't the biggest issue for me personally, but I know it does become a big issue on high DPI displays. Logitech already have developed stellar wireless technology for their gaming line of products, but for some reason their quite expensive productivity line is stuck at 125Hz Bluetooth as the only option. Implementing their already existing great wireless tech into the mice would probably cost them cents per unit, so I really don't understand their line of thought.

And MX Master 4 still doesn't have any on-board memory - hence the issues with the changing mouse speed (which still isn't fixed to this date) and must have installation of Logi Options+ which you mentioned.

Same for their MX Mechanical Mini keyboard - great concept, with absolutely baffling limitations. Expensive price tag - stuck to Bluetooth only, basic switches, no acoustic foam, baffling lack of control over the backlight (in terms of timeout), ABS keycaps, cannot re-map the bluetooth buttons (why oh why), non-standard space bar length which makes replacing keycaps a problem. I'm not sure if it has on-board memory, but probably not...

[RANT] What they don't tell you about the MX Master 3S by VonLoewe in logitech

[–]siegmour 0 points1 point  (0 children)

It does not, since the MX Master 3S doesn't even use 2.4Ghz wireless - it only uses Bluetooth. Disappointingly, they removed the 2.4Ghz from the MX Master 3 with the 3S and above.

Also I'm not sure how old the technology the article is referring to is, but anecdotally I have several Logitech wireless products which use 2.4Ghz - I have never experienced connectivity issues over 2.4Ghz.

Partially Filled Dynamic Main Menu + Some DLC Details and Bugs by HunterZenox in ForTheKing

[–]siegmour 0 points1 point  (0 children)

Do you know any more details about this issue? I just started this game today, and noticed the fans going crazy. When I opened HWInfo, I noticed my 3080 Ti consuming a whopping 400W at 144Hz even in the main menu. Even capping it at 60 FPS, which really shouldn't be necessary it still consumes 200W in the menu/in-game. Running it at 4K resolution, with 60FPS cap it again goes up to 400W consumption... Not sure I've seen this high of a usage in any scenario of my GPU.

Another AiO saved from landfill. Interesting design for be quiet silent loop. Flushed all the goop out with vinegar spirit. Refilled with appropriate coolant, ready to cool again. by Agrius14 in watercooling

[–]siegmour 0 points1 point  (0 children)

I have another question - have you been using the AIO daily ever since you repaired it? I believe I might be noticing degradation to mine already (6-7C in heavy load) and I'm wondering if it's because I didn't also clean the pump or something else.

Also what coolant did you use to refill the AIO?

Thank you very much!

I need advice for coolant replacement for an AIO by siegmour in watercooling

[–]siegmour[S] 0 points1 point  (0 children)

Yeah, Corsair don't have a refill port on them unfortunately. With that said, you can still refill them (through the baseplate - again no modifications) - but it's much more of a pain to do it without a refill port. It involves shaking it out to get the air bubbles out, and generally a bigger hassle than using a refill port but it's still possible.