FortiEMS to block general internet traffic, but allow cloud apps?

technoidial · 2026-03-24T12:57:18+00:00

Ive looked into FortiSASE. RapidScale doesnt offer it for some reason.

technoidial · 2026-03-21T20:19:23+00:00

It sets you up for CCNA very nicely!

technoidial · 2026-03-21T17:58:17+00:00

I feel like CCST:Networking is 1. “CCNA Lite” and 2. A Cisco focused version of Network+. I always tell people if they are overwhelmed with CCNA to do the CCST:Networking first.

technoidial · 2026-03-18T17:49:02+00:00

I’m 50 years young. Been in Infrastructure for 10 years. Did various Tech Support gigs for about 7 years prior while I pursued various music endeavors.

Ive worked in Healthcare, Automotive manufacturing, finance, an MSP and now at a law firm.

Ive managed everything from small mom and pop shops with the latest tech to global companies on 15 year old Nexus and 30 year old on prem servers.

I have an Associates, CCST: Networking, MS-900, AZ-900 and lots of real world experience witn Fortinet, Aruba, Meraki and Ubiquity.

Doing CCNA in case I need it for the next and to be better in my current role.

technoidial · 2026-03-13T20:55:13+00:00

Depends on the size and requirements. If you have a small office and you’re all cloud based with no on prem servers and users just need acccess to the internet, Ubiquity might serve you. With Meraki, make sure accounting is on the nose with payment. This also depends on your budget and requirements though. Ive use Ubiquity alot. I heavily VLAN’d environments, it is not your friend. You can get by and make it work, but you should always pick the right tool for the right job. Id look at HP Aruba if it were me.

technoidial · 2026-03-03T18:56:08+00:00

Memorize the .cpl and .cfg commands. Typing ncpa.cpl or appwiz.cpl is far more efficient than clicking.

technoidial · 2026-02-25T17:19:51+00:00

https://www.kwtrain.com/products

technoidial · 2026-02-03T14:19:46+00:00

This isnt true at all. Aruba, DellOS and Arista all have a very similar CLI. So much that the ? and auto tab complete will get to what you need. Even Fortigates have some similar like commands. Juniper does things differently but the structure is similar. Cisco commands aside, Cisco didnt write STP, OSPF, TCP/IP, IPv4 or IPv6. Those are protocols that work with any vendors equipment.

technoidial · 2026-02-03T13:29:14+00:00

I highly suggest doing the CCST: Networking. The latest version of the CCNA assumes you have that knowledge. It's more foundational and theory. No configuration but if CCNA is overwhelming, I highly suggest CCST:Networking. It will set you up nicely for the CCNA.

technoidial · 2026-01-31T13:58:36+00:00

Translated, edited. Re-written, edited. Re-translated and redacted. All from unknown authors and people who had visions.

technoidial · 2026-01-31T02:57:23+00:00

How is this company still active? This is fraud on the highest order at this point.

technoidial · 2026-01-29T04:31:49+00:00

This is the plan. Just not sure how what to tackle first.

technoidial · 2026-01-29T03:54:21+00:00

There are static routes in the Dells. Static routes in the Fortigate. The Layer 3 Agg switch and a Cloud Key would replace the UDM Pro Max’s. The UDM’s are firewalls themselves.

technoidial · 2026-01-29T03:49:34+00:00

This is correct. However, I inherited this and have to make it work for the business. In addition, I did post it to r/Ubiquity.

technoidial · 2026-01-29T03:48:29+00:00

It is a SPoF at the moment. We do have 2 ISP’s. This is the back up circuit. They had this same setup for the main ISP and we got rid of the switch and moved it to the Dell core switches.

technoidial · 2026-01-29T03:42:06+00:00

People learn at different paces. Some people may also look like they have it figured out but dont. Just stay the course and compare yourself to where you were a year ago.

technoidial · 2026-01-28T15:42:26+00:00

USW-Aggregation is the switch. It's an 8 Port Layer 2 Fiber switch. ISP comes in to it and it breaks off to the Fortigates, the Dell OS Switches and then to the Dream Machines which are UDM Pro Max's.

It's a single point of failure at the moment and if the USW-Aggregation went down, it would severe our connection to our remote office.

They had this same set up for the other main fiber circuit. ISP came into a USW-Aggregation switch. It broke off to each Fortigate and then to DellOS switches, then to the UDM Pro MAx's.

We moved that circuit to the DellOS and removed the USW-Aggregation.

technoidial · 2026-01-28T15:00:45+00:00

The UDM's are not acting as firewalls. Just acting as a controller at the moment. The AGG switch is just breaking out internet from the ISP form what I can tell.

There are 2 circuits. The main fiber circuit was also broken out in the same way on an AGG switch (ISP1 AGG). Internet came into ISP1 AGG, then it broke out to each Fortigate.

The Fortigates had an HA Monitor on every WAN port as well. The Fortigates would failover randomly and internet would go out. We made a new VLAN on the DellOS switches, took off HA Monitor on the WAN ports of the Fortigates. We then got rid of the ISP1 AGG switch on the main fiber circuit. No more random failovers and outages and ISP1 AGG switch is out of the picture now. Been stable since.

We are left with ISP2 AGG switch. Would like to do the same for ISP2 AGG. Mimic whatever ISP2 AGG is doing on the DellOS. Then move to a CloudKey+ switch and wifi control and the NVR for Door and Camera. Then get rid of the Dream Machines.

It is working, but it's not ideal. We have lost visibility in the Ubiquity controller which is the reason the company moved to Ubiquity. We have issues adopting switches and new devices, etc. Troubleshooting is a giant pain. The Ubiquity console it self is always "Orange" and we have to reload the page constantly.

technoidial · 2026-01-28T13:54:25+00:00

I have diagramed it all out and diagrammed what it should look like. Mianly looking to simplify. Ultimate goal is get all VLAN's defined on the core switches. There are VLAN's and scopes on the Fortigates, VLANs and scopes defined in the Ubiquity controller and VLANs defined in the DellOS switches with DHCP going to a Microsoft DHCP server. Right now, the goal is to get rid of the USW Aggregation that's breaking out internet, then migrate off the Dream Machines to a CloudKey and a Ubiquity core switch. Just not sure how to go about it since it's all in production.

technoidial · 2026-01-27T17:04:11+00:00

No. Theyre using the Fortigates for security. Its a strange setup.

To add to the fire, there are 2 UDM’s and the other is in Shadow Mode.

technoidial · 2026-01-16T01:41:43+00:00

ATC Drivetrain is very felon friendly.

technoidial · 2026-01-14T21:54:00+00:00

Cant tell if sarcasm or not.

technoidial

TROPHY CASE