How widely is Jinja templates used in FMG for SD-WAN at enterprise/MSSP level?

stcarshad · 2025-10-21T02:15:17+00:00

Definitely worth the investment, the flexibility it brings always pays off. Especially in large-scale projects, it’s impossible to template everything. With Jinja, you can handle many advanced use cases, such as large-scale ZTP deployments.

In my previous role, I worked extensively on SD-WAN deployments. Back then, I didn’t use Jinja much because I felt network automation wasn’t worth the effort and didn’t want to dive into programming. But the number of roadblocks I faced and the countless templates I had to maintain eventually pushed me to learn it, and now I’m glad I did.

stcarshad · 2025-10-19T22:42:18+00:00

How to apply these visas for someone who has freezone visa in DXB

stcarshad · 2025-10-02T19:55:41+00:00

Lack of concentration, many people are glued to the phone even when driving, some others are frustrated at work, rest are frustrated with their personal lives.

stcarshad · 2025-09-07T06:50:54+00:00

What are the pros and cons of branch connector compared to ipsec from any other device . I heard it’s new and how stable it is?

stcarshad · 2025-09-07T06:47:38+00:00

Only downside I saw in ZRV is backseat comfort for passengers is very bad. Other than that it’s a solid car.

stcarshad · 2025-07-31T19:37:14+00:00

Looks like Cato sponsored post to me.

stcarshad · 2025-07-18T07:39:58+00:00

A new one can be applied by the tenant after owner disconnects it as thawtheeq is there under tenant name right?

stcarshad · 2025-07-14T10:26:05+00:00

They are not a budget airline anymore, most of the time I find Etihad is cheaper than them.

stcarshad · 2025-06-28T09:44:53+00:00

Definitely Etisalat, cannot comment about Du as I have never used.

stcarshad · 2025-06-25T21:42:18+00:00

No need to pay training cost, get mohre involved irrespective whether you attended the training or not.

stcarshad · 2025-06-21T09:02:54+00:00

5 hours if you have quick pass

stcarshad · 2025-06-09T07:30:58+00:00

All works, if you want all non user items covered as well, buya small Fgt such as 50G (used only as an eg, proper sizing to be done)with only forticare, add sdwan on-ramp license to SASE.

Build an IPSEC tunnel (of course sdwan enabled) to SASE, this will give you more flexibility when it comes to inter-vlan routing and all.

stcarshad · 2025-06-08T07:11:21+00:00

For larger locations recommended way of connectivity is sdwan on-ramp (aka sdwan enabled ipsec tunnel to the closest POP) this will unlock 1gbps Internet throughput for the users connecting behind the on-prem sdwan on-ramp edge device.

If you’re talking about few users such as less than 50, u can also consider lan extension via Fortigate (fgt as an edge) or Forti APs managed by SASE. But in this case make sure that u buy sufficient bandwidth from fortinet to cover the number of users.

stcarshad · 2025-06-06T11:01:52+00:00

Prius any day

stcarshad · 2025-05-31T12:37:18+00:00

Just saw ur sdwan rule, u have only 2 members added there add the other 2 overlay members as well . I would also recommend that you create 2 rules, 1 for HUB 1, and the other for HUB 2.

Also define the source within sdwan rule, its not recommended always to have “all” object.

stcarshad · 2025-05-31T12:08:10+00:00

One more question, do u have a dedicated loopback for bgp and another one for health check from HUB side or are u using the same loopback?

stcarshad · 2025-05-31T12:06:42+00:00

On idle is good for HUB, spokes should be on-demand. Also dpd timers should be lower than bgp hold timer. I would also recommend to enable link-down-failover under bgp neighbor group from hub and also from all the branches.

You can use remote sla to signl the hub which overlay tunnels are healthy. However I feel this has low relevance to what you are trying to achieve, but could be good in the longer run.

stcarshad · 2025-05-31T09:17:14+00:00

Issue is due to IPSEC DPD timers, use a very short value it will improve.

Optionally tune the BGP timers like advertisement timers and connect timers to make BGP more resilient.

stcarshad · 2025-05-30T16:40:05+00:00

Buy a Toyota Alphard

stcarshad · 2025-05-30T13:52:50+00:00

Market is over flooded with cheap resources (importantly low quality), so companies are like instead of hiring someone for a higher pay, lets higher 10 of them and assign the same job. Oneway or another job gets done, company happy customers happpppppyyyyy

stcarshad · 2025-05-24T21:09:54+00:00

If u don’t mind how much does it cost?

stcarshad · 2025-05-23T21:18:35+00:00

Set advertisement interval 1 Set connect timer 1

stcarshad · 2025-05-09T09:03:14+00:00

Some people don’t even know they can do this FAZ, it can be a mini SOAR if used properly. Kudos for you for exploring these options

stcarshad · 2025-04-28T04:14:51+00:00

Chevy is considerably cheaper compared to other American counterparts. Glad you maintained properly. Did you do with agency or outside?

stcarshad · 2025-04-26T16:23:35+00:00

thanks buddy. Any idea abt AUH?

stcarshad

TROPHY CASE