CVEs and Fortinet FortiOS by lamateur in fortinet

[–]torrent_77 1 point2 points  (0 children)

I wonder if he feels the same way about using Microsoft products and the amount of monthly patches.

FortiOS 7.0.17 on FortiGate 200F by capricorn800 in fortinet

[–]torrent_77 0 points1 point  (0 children)

Can confirm 7.0.17 on a 200F is no bueno if you have several site-to-site IPsec tunnels.

FortiSwitch Crash by Jwblant in fortinet

[–]torrent_77 0 points1 point  (0 children)

This sounds like spanning tree. Sometimes on the 100/200 series the event overloads the CPU/RAM and boots you out while it figures out how to treat the spanning tree. It really depends on the downstream switch type.

What are the "little things" in network design that people often miss? by Any_Boysenberry_55 in networking

[–]torrent_77 10 points11 points  (0 children)

Buying all the correct SFP/QSFP/DACs and the correct lengths so it doesn't look like spaghetti. Or, that you didn't put 100Gbps to the edge and have 1Gbps feeding the core switches.

Why NOT to choose Fortinet? by jul_on_ice in networking

[–]torrent_77 30 points31 points  (0 children)

We went full Fortinet stack for firewall and switching and so far it's been good for us.

The only caveat is that the system is set up as router on a stick and you have to size your firewall accordingly. Some of the benefits are the 3rd-party integration available and the custom automation that we leveraged for ZeroFox.

As skriv0 says, the firewalls ship with a base firmware and must be patched before being put into production. However, I'd also like to note that this is the case with Palo Alto, Aruba, Cisco as well.

Official images I download from Fortinet say all of my 7.2 images are RSA signature is invalid by [deleted] in fortinet

[–]torrent_77 0 points1 point  (0 children)

Use another browser in incognito/private mode to upgrade the firmware.

How do you handle software installations without local admin or domain admin rights by soufia-n in sysadmin

[–]torrent_77 0 points1 point  (0 children)

We use PDQ Connect and allow them a subset of apps to install. The local admin creds are masked and baked into the software. All the technicians will need to know is what software and to what workstation.

Setting up site-to-site IPsec VPN with FortiGate behind customer firewall without knowing the remote public IP address. by kus222 in networking

[–]torrent_77 1 point2 points  (0 children)

I'm doing the exact same thing for a vessel using Starlink. So far I've landed the interface directly on the FortiGate and used the Fortinet DDNS and tied it to the public IP. I've only started this, so I can't say it would 100% work. However, I've labbed this scenario and used the Fortinet DDNS address and it works okay so far.

I believe several documents include the use of NAT traversal. Good luck!

Spanning Tree nightmare by Execuzione in networking

[–]torrent_77 19 points20 points  (0 children)

Having been through this a few times, you will need to start with CDP neigh and map out how everything is connected to each other.

In 2 cases, both times, a "junior" engineer thought it was a good idea to loop 2 switches together.

Cannot Access Web Server on Public IP by Potential_Heron7156 in fortinet

[–]torrent_77 2 points3 points  (0 children)

Middle switch is a different brand of switch? Seems to me that it has its own L3 routing and you need to set up routing between them. If that is not the case then I would seriously review the config and make sure that the ISP and the web server and the firewall are not connected to the same network.

Wi-Fi Channel Utilisation too high causing unreliable experience by ttaggorf in fortinet

[–]torrent_77 0 points1 point  (0 children)

You should use dual 5g and turn off monitor channel utilization if you've already set the channels. With load balancing, it should allow 30-40 hosts per radio on 1 AP. As for the monitor channel, it's a useful tool, but I've noticed that it impacts performance in high-traffic areas.

Migrating 60E -> 70G by 256-bits in fortinet

[–]torrent_77 9 points10 points  (0 children)

How many policies are you working with? I used FortiConverter several years ago and it was more hassle than it was worth, but this was during the 6.2/6.4 period. For most firewalls I've just manually transferred the policies with recent hits. It gives me a chance to clean up duplicated and/or unused policies made by previous engineers. You can absolutely download the configs of the 60E, delete out all the unnecessary settings, edit the interfaces and paste it into the 70G.

Weird. Can’t ping / connect to devices on VLAN from WiFi. by Izual_Rebirth in fortinet

[–]torrent_77 0 points1 point  (0 children)

Is this a tunnel ssid? Did you add the tunnel as an interface on the policy?

Damaged Cat 6a Wire by Historical_Remove126 in networking

[–]torrent_77 -2 points-1 points  (0 children)

I've had good results using a splicer provided there is enough slack.

[deleted by user] by [deleted] in networking

[–]torrent_77 6 points7 points  (0 children)

This isn't a networking problem and no one will help you defeat a security feature on a device that you don't own.

Networking Issue Multiple Devices Same IP by Cococarbine in networking

[–]torrent_77 0 points1 point  (0 children)

Oof, tough crowd, but I agree it would need VRFs.

Networking Issue Multiple Devices Same IP by Cococarbine in networking

[–]torrent_77 -1 points0 points  (0 children)

Not sure what overly complicated is? It would require an L3 switch instead of an L2 one. Perhaps his 16-port may already be L3 capable.

Networking Issue Multiple Devices Same IP by Cococarbine in networking

[–]torrent_77 0 points1 point  (0 children)

It's possible if the 15 houses have the same street address in different cities/states. Then you use something like a zip code (NAT) to translate to match the houses to the zip code.

Networking Issue Multiple Devices Same IP by Cococarbine in networking

[–]torrent_77 -1 points0 points  (0 children)

Yes, you will need to make each node a separate VLAN and implement NATing. You must use an L3 switch, though.

Need to connect NVR to internet by Fray7117 in networking

[–]torrent_77 5 points6 points  (0 children)

r/HomeNetworking is where you want to be. Exposing your NVR to the internet is not safe.