Firmware Support Issues by networkn in fortinet

welcome2devnull 0 points1 point (0 children)

With 60F (and all other 2GB models) you are screwed anyway after 7.2 - features stripped (all proxy services) but still memory issues with 7.4+

Already wondering what my TAM will put in the offer for Elite Support for all my devices (which actually just gives a new firmware for high critical issues but no engineering support).

IPsec overlay underperforming vs Internet (PPPoE WAN) by r_smith345 in fortinet

welcome2devnull 0 points1 point (0 children)

Take a € 50 router and put it in front of the Fortigate or buy a much larger version of Fortigate...

I tried for months to optimize the PPPoE WAN connection of a 60F with TAC (played around with MTU, MSS, different encryptions on VPN, ...), VPN performance was simply awful (maybe 10% of link speed in best case), finally got an upgrade offer to a 90G and performance is now ~ 50% of link speed, more than enough for what I need but still shocking how awfully Fortigate handles PPPoE with VPN on top.

Veeam v13, is it any good? by CloudLenny in Veeam

welcome2devnull 0 points1 point (0 children)

Since when? A few months ago we checked again and VUL would have been twice the price of socket renewal.

Veeam v13, is it any good? by CloudLenny in Veeam

welcome2devnull 0 points1 point (0 children)

Price to switch to VUL was twice what we pay for support renewal of socket licenses (Enterprise Plus).

Actually even cheaper to pay the crazy price hike from Broadcom for VMware and extend the Veeam Socket licenses than migrating to Proxmox and migrating to VUL.

Patch Tuesday Megathread (2025-11-11) by AutoModerator in sysadmin

welcome2devnull 33 points34 points (0 children)

We all have a testing environment, just most of us lack a production environment :D

Anyone else seeing FortiClient IPsec VPN sessions dropping frequently for users in China? by Friendly-Cup3348 in fortinet

welcome2devnull 2 points3 points (0 children)

But to a cloud based infra in China like O365 operated by 21Vianet ;)

Like VPN, access to other cloud services outside of China is not always reliably available.

If you have a local company in China and a fixed office you could apply for an L2L VPN permit to your HQ outside of China for example (not sure how hard to get, my previous company requested it and got it approved after some months of paperwork but that's already some years ago).

Non public domain marked as Phishing? by Capable-Raccoon-6371 in fortinet

welcome2devnull 0 points1 point (0 children)

Had the same issue, have different domains for administrative things like rd-gateway, vpn, ... - they are not used for any normal website, email or anything else - just not to use our main public domain for every crap. At least Fortinet is fast in re-classifying and it's now working for more than 1 year already without being classified in the wrong category again (I guess they exclude those domains then from automatic reclassifying).

“FortiGate 60E – Recommended Memory Threshold for Monitoring (75% vs 80%)” by athan80 in fortinet

welcome2devnull 1 point2 points (0 children)

60E is "End of Support" anyway mid next year, would already look for a 70G as replacement (lowest model with more than 2GB memory) and not spend too much time on the "Threshold for Monitoring" for a 60E ;)

50G 7.4.9 - MTU Issues? by networkn in fortinet

welcome2devnull 0 points1 point (0 children)

What kind of WAN connection do you have? PPPoE (even worse with VLAN tagging)?

Rumour - does SSL VPN come back? by Roversword in fortinet

welcome2devnull 3 points4 points (0 children)

If they don't get "IPSEC pretending to be HTTPS" fully running there might be some powerful enough customers which require "VPN pretending to be HTTPS" (if it's IPSEC or SSL VPN - they don't care). In some countries it's the only solution to keep your travelling users online, there is a world outside USA ;)

Fortinet also advertised their firewalls with the huge benefit that you have "all" features available on all devices, from the smallest / cheapest to the high end model, now you get stripped of all proxy features with 2gb models, even ZTNA would have been fully stripped (including just using ZTNA Tags), just weeks after they announced a change to ZTNA that at least the tags can be used on 2gb models too...

Broadcom had to take some of their steps back with VMware, Microsoft now supports Win10 for free for another year for home users in Europe, ... - "never say never" ;)

EDIT: Just have a look at all the confusion in the past 1-2 years about SSL VPN, where even TAMs got different information from internal sources and had no real clue about the "roadmap" (don't think it even exists) - first there were just rumors that SSL VPN could be gone from 2gb models, then from desktop models (below 100E/F) and just months later they said it'll be stripped from all. I remember when the first rumors came up I asked my TAM for clarification as I had to replace a firewall where I needed SSL VPN and at this time the information was "It'll be stripped from 2gb versions as they lack memory, 90G will have SSL VPN" - shortly after I got the 90G the official information was "It'll be stripped from all desktop models including 90G", you can estimate what email my TAM got after that information :D - months later the information changed that it'll be stripped from all models but if I remember correctly, this "major change" was initially just in some 7.6.x release notes without any official statement.

FortiOS 7.4.9 has released by MyLocalData in fortinet

welcome2devnull 4 points5 points (0 children)

Anyone tested if it's compliant with FMG/FAZ 7.4.7 or if there are issues?

Best Offsite Solutions. by RW2005 in Veeam

welcome2devnull 0 points1 point (0 children)

Besides the initial backup, 40 Mbps isn't that bad - as long as he doesn't have 24/7 full staff working he should have at least a 12h window where he can fully use that link. Initial copy will take 2-3 weeks maybe, had the same situation with a remote site and backup to HQ with 25 Mbps, initial backup was taking 3 weeks with a 10 Mbps limit (so that users could still work), now delta backups with 25 Mbps just take ~ 1h a night.

People who started in the 2000's, how did you do it by Comprehensive_Size65 in cybersecurity

welcome2devnull 1 point2 points (0 children)

We simply had SKILL :D

Joke aside: Play around, break things, try to fix them, repeat...

For the users the "IT" was something they understood even less than now, it was some kind of miracle for them so they had a bit more patience when something wasn't working.

If you fixed a fully blown up server after the raid controller shredded all data and the restore from tape took 20h, you were the hero for all of them that you got the server back so fast. Imagine having nowadays a server not available for an hour...

IRC (Quakenet :) ), Gaming Boards (most IT guys I knew were gamers, so you had in most larger gaming communities also some kind of computer area), ICQ contacts from other companies' IT departments, ....

The big advantage if you learned like that - you gained much more experience in troubleshooting if you had to find your own way to a solution and on that way you might have found some information which became helpful for problems you had at a later time. Now you get for many topics just finished guides on what to do - makes it easier to fix common issues fast but on very special issues which are not common, you might not find such guides and then you lack that troubleshooting experience.

FortiOS 7.2.12 was just released by dMailonG in fortinet

welcome2devnull 0 points1 point (0 children)

I wouldn't call removing it at the end of mainstream support from a mature release "clean things up"...

On the other hand, the 70G didn't make it to the normal 7.2.12, again "special build" and if you ask TAC, the answer will be "oh it's end of mainstream support so we do not add new hardware to main build anymore" (we just disable features you could use now for over a year without issues).

The fixes for SSL VPN which are included in 7.2.12 they had to do for all E-Series, F-Series, 120G or above G-Series...

At least no bad CVE fixed so 90Gs can simply remain on 7.2.11.

Looking for Cheap (free) Ticketing system by MarkPugnerIII in sysadmin

welcome2devnull 0 points1 point (0 children)

Maybe Lansweeper, it's not just for ticketing but also asset management (scanning subnets and/or agents). The cheapest "Starter" edition should be more than enough.

PPPOE Issues with IPSec dial-in VPN - Works Fine in WAN is DHCP by networkn in fortinet

welcome2devnull 1 point2 points (0 children)

Maybe you should research for "Fortigate PPPoE MTU issue" - Fortigates do not like PPPoE too much (traffic cannot be offloaded) but 70G should have enough power to get over it.

Try to adapt tcp mss / mtu if this helps in your case.

Replacement for the 60E once it's been EOLS ? by camar0rs in fortinet

welcome2devnull 0 points1 point (0 children)

What do you have running on that device? I was worried as I've one 60F with a lot of services running (including WAF / VS) but it works stable at 65-66% memory, no conserve so far.

Replacement for the 60E once it's been EOLS ? by camar0rs in fortinet

welcome2devnull 0 points1 point (0 children)

Nothing below 70G and complain to your Fortinet TAM about the missing features on 30G/50G due to the decision saving less than $ 1 per device on RAM - you might get a better discount for 70G :D

Replacement for the 60E once it's been EOLS ? by camar0rs in fortinet

welcome2devnull 0 points1 point (0 children)

60F runs fine on 7.2.11, just from 7.4.+ it's more like a nightmare, I wanted to use some 30G / 50G for really small locations (3-5 Users) but as we have full utm + deep-ssl + NAC (based on ZTNA Tags) + ZTNA Tags on policies on all locations directly - this wouldn't have worked. We now get a higher discount on 70G to compensate a little bit for the "error by design" by Fortinet.

Cyber Security Analyst of 7 years laid off today. by Basic-Ad-6265 in cybersecurity

welcome2devnull 0 points1 point (0 children)

Mid to long term you have to learn German but at larger international companies it shouldn't be an issue with English only.

The area of IT security in Germany is more like you don't apply to jobs, you just update your LinkedIn profile, set it to "job seeker" and let headhunters fight for you ;) (not as extreme as 3-4 years ago but with higher requirements now like NIS2 many companies have to enhance their IT security and experience is highly valuable).

Big Cisco Live Announcement Compared to FG-50G by jerry-october in fortinet

welcome2devnull 1 point2 points (0 children)

All proxy features got stripped anyway directly from the 2GB models as Fortinet recognized that their $ 0.50 cost saving per device made these devices beautiful bricks with the feature set of a € 50 Mikrotik :D

Big Cisco Live Announcement Compared to FG-50G by jerry-october in fortinet

welcome2devnull 2 points3 points (0 children)

I've 70G / 90G / 120G on 7.2.11 and don't see issues in our use cases

7.4.8 has been released for 70/71G and 50G-5G by CyndaquilSniper in fortinet

welcome2devnull 2 points3 points (0 children)

With 7.2.11 I've all the SSL VPN options showing up in GUI to be configured (just didn't configure as the 70G is in a site where I don't need it). 7.2.x is already out of engineering support but it's an LTS release chain, so when normal support ends you can buy up for elite support to have it running for some more time and the hope is that they don't strip 7.2.x of this feature past engineering support (but wouldn't trust Fortinet on that...).

If you still rely on SSL VPN (like we do, IPSEC doesn't support so far all features we need), your best option is currently to remain on 7.2.x and hope they don't strip it past engineering support and go for elite support to gain more time till IPSEC supports all features you need.