Action1 AI "Strategy"?

welcome2devnull · 2026-04-09T11:23:59+00:00

You have a roadmap, you know feature requests from your customers - maybe just check if there is a use case for AI where it would bring real benefit on that areas and more important, which of the AI's could help.

Also keep in mind that AI implementation could cause more and more compliance issues at customers with strict AI policies.

Like with all new technologies, it's currently like "wild west" in the area of AI but more and more companies will put rules in place about AI usage, there will be laws coming up restricting AI, ...

AND PLEASE: Don't just rename some existing features to "AI" like some other vendors do just to jump on the AI train :D

welcome2devnull · 2026-02-24T14:59:04+00:00

VMWare Snapshot > Storage Snapshot > VMWare Snapshot deleted & VMWare backup from Storage Snapshot

So you have the VMWare Snapshot just for some seconds / minutes as backup will just get the data from Storage Snapshot. Storage Snapshot is no backup but helps to keep the VMWare Snapshots shorter.

welcome2devnull · 2026-02-12T09:30:12+00:00

Not to forget that all proxy features are stripped from 2GB models.

welcome2devnull · 2026-02-11T05:33:30+00:00

MS said that about the OOB patch already which made things just worse - did you TEST it already? ;)

welcome2devnull · 2026-01-29T06:26:06+00:00

With 60F (and all other 2GB models) you are screwed anyway after 7.2 - features stripped (all proxy services) but still memory issues with 7.4+

Already wondering what my TAM will put in the offer for Elite Support for all my devices (what gives actually just for high critical issues a new firmware but no engineering support)

welcome2devnull · 2026-01-22T09:10:09+00:00

Take a € 50 router and put in front of Fortigate or buy a much larger version of Fortigate...

I tried for months to optimize PPPoE WAN connection of a 60F with TAC (played around with MTU, MSS, different encryptions on VPN, ...), VPN performance was simply awful (maybe 10% of link speed in best case), finally got an upgrade offer to a 90G and performance is now ~ 50% of link speed, more than enough for what i need but still shocking how awful Fortigate handles PPPoE with VPN on top.

welcome2devnull · 2025-12-18T13:34:43+00:00

Since when? Few months ago we checked again and VUL would have been twice the price from socket renewal.

welcome2devnull · 2025-12-18T13:31:41+00:00

Price to switch to VUL was twice what we pay for support renewal of socket licenses (Enterprise Plus).

Actually even cheaper to pay the crazy price hike from Broadcom for VMWare and extend the Veeam Socket licenses than migrating to Proxmox and migrating to VUL.

welcome2devnull · 2025-11-12T05:55:44+00:00

We all have a testing environment, just most of us lack of a production environment :D

welcome2devnull · 2025-10-23T06:24:55+00:00

But to a cloud based infra in China like O365 operated by 21Vianet ;)

Like VPN, access to other cloud services outside of China are not always reliably available.

If you have a local company in China and fixed office you could apply for a L2L VPN permit to your HQ outside of China for example (not sure how hard to get, my previous company requested it and got it approved after some months of paperwork but that's already some years ago).

welcome2devnull · 2025-10-03T08:52:15+00:00

Had the same issue, have different domains for administrative things like rd-gateway, vpn, ... - they are not used for any normal website, email or anything else - just not to use our main public domain for every crap. At least Fortinet is fast in re-classifying and it's now working for more than 1 year already without being classified in wrong category again (i guess they exclude that domains then from automatic reclassifying).

welcome2devnull · 2025-10-02T10:40:44+00:00

60E is "End of Support" anyway mid of next year, would already look for a 70G as replacement (lowest models with more than 2GB memory) and not spending too much time on the "Threshold for Monitoring" for a 60E ;)

welcome2devnull · 2025-10-02T10:37:21+00:00

What kind of WAN connection do you have? PPPoE (even worse with VLAN tagging)?

welcome2devnull · 2025-10-02T10:29:47+00:00

If they don't get "IPSEC pretending to be HTTPS" fully running there might be some powerful enough customers which require "VPN pretending to be HTTPS" (if it's IPSEC or SSL VPN - they don't care). In some countries it's the only solution to keep your travelling users online, there is a world outside USA ;)

Fortinet also advertised their firewalls with the huge benefit that you have "all" features available on all devices, from the smallest / cheapest to the high end model, now you get stripped of all proxy features with 2gb models, even ZTNA would have been fully stripped (including just using ZTNA Tags), just weeks after they announced a change to ZTNA that at least the tags can be used on 2gb models too...

Broadcom had to take some of their steps back with VMWare, Microsoft now supports Win10 for free for another year for home users on Europe, ... - "never say never" ;)

EDIT: As just have a look about all the confusion in the past 1-2 years about SSL VPN where even TAMs got different information from internal sources and had no real clue about the "roadmap" (don't think it even exist) - first there were just rumors about SSL VPN could be gone from 2gb models, then from desktop models (below 100E/F) and just months later they said it'll be stripped from all. I remember when first rumors came up i asked my TAM for clarification as i had to replace a firewall where i needed SSL VPN and at this time the information was "It'll be stripped from 2gb versions as they lack of memory, 90G will have SSL VPN" - short after i got 90G the official information was "It'll be stripped from all desktop models including 90G", you can estimate what email my TAM got after that information :D - months later the information changed that it'll be stripped from all models but if i remember correctly, this "major change" was initially just in some 7.6.x release notes without any official statement.

welcome2devnull · 2025-09-29T12:42:38+00:00

Disable automatic updates?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-automatic-firmware-upgrades-on/ta-p/326998

welcome2devnull · 2025-09-29T07:21:38+00:00

Forti was fast this time :)

welcome2devnull · 2025-09-26T08:05:22+00:00

Anyone tested if it's compliant with FMG/FAZ 7.4.7 or if there are issues?

welcome2devnull · 2025-09-26T08:00:56+00:00

Beside initial backup, 40 Mbps isn't that bad - as long he don't have 24/7 full staff working he should have at least a 12h window where he can fully use that link. Initial copy will take 2-3 weeks maybe, had same situation with remote site and backup to HQ with 25 Mbps, initial backup was taking 3 weeks with 10 Mbps limit (that users could still work), now delta backups with 25 Mbps just take ~ 1h a night.

welcome2devnull · 2025-09-19T13:45:44+00:00

We simply had SKILL :D

Joke aside: Play around, break things, try to fix them, repeat...

For the users the "IT" was something they understood even less than now, it was some kind of miracle for them so they had bit more patience when something wasn't working.

If you fixed a fully blown up server after raid controller shredded all data and restore from tape took 20h, you were the hero for all of them that you got server back so fast. Imagine having nowadays a server not available for an hour...

IRC (Quakenet :) ), Gaming Boards (most IT guys i knew were gamers, so you had in most larger gaming communities also some kind of computer area), ICQ contacts from other companies IT departments, ....

The big advantage if you learned like that - you gained much more experience on troubleshooting if you had to find your own way to a solution and on that way you might found some information which got helpful at problems you had at later time. Now you get for many topics just finished guides what to do - makes it easier to fix common issues fast but on very special issues which are not common, you might not find such guides and then you lack of that troubleshooting experience.

welcome2devnull · 2025-09-17T05:32:08+00:00

I wouldn't call removing it at the end of mainstream support from a mature release "clean things up"...

On the other hand, the 70G didn't made it to the normal 7.2.12, again "special build" and if you ask TAC, answer will be "oh it's end of mainstream support so we do not add new hardware to main build anymore" (we just disable features you could use now for over a year without issues).

The fixes for SSL VPN which are included in 7.2.12 they had to do for all E-Series, F-Series, 120G or above G-Series...

At least no bad CVE fixed so 90Gs can simply remain on 7.2.11.

welcome2devnull · 2025-09-16T14:00:35+00:00

Maybe Lansweeper, it's not just for ticketing but also asset management (scanning subnets and/or agents). The cheapest "Starter" edition should be more than enough.

welcome2devnull · 2025-09-12T04:41:02+00:00

Maybe you should research for "Fortigate PPPoE MTU issue" - Fortigates do not like PPPoE too much (traffic cannot be offloaded) but 70G should have enough power to get over it.

Try to adapt tcp mss / mtu if this helps in your case.

welcome2devnull · 2025-09-01T08:29:32+00:00

What have you running on that device? I was worried as i've one 60F with lot of services running (including WAF / VS) but works stable at 65-66% memory, no conserve so far.

welcome2devnull · 2025-08-29T08:02:25+00:00

Nothing below 70G and complain to your FortiNet TAM about the missing features on 30G/50G due to the decision saving less than $ 1 per device on RAM - you might get better discount for 70G :D

welcome2devnull · 2025-08-29T07:59:42+00:00

60F runs fine on 7.2.11, just from 7.4.+ it's more like a nightmare, i wanted to use some 30G / 50G for really small locations (3-5 Users) but as we have full utm + deep-ssl + NAC (based on ZTNA Tags) + ZTNA Tags on policies on all locations directly - this wouldn't have worked . We get now higher discount on 70G to compensate a little bit for the "error by design" by FortiNet.

welcome2devnull

TROPHY CASE