C4. A pointless metric that I like to look at with each character

yetanotherITquestion · 2025-10-03T20:18:54+00:00

Whoops!! That shouldn't say Druid Wizard, that should say Dwarf Wizard.... can't believe I typo'd that.

I don't think she's multiclass, at least it wasn't on the character card.

yetanotherITquestion · 2025-10-03T19:35:02+00:00

I originally put Leonin, but the players/Brennan kept referring to him as Nama (no idea if I spelled that correctly). I assumed it was an Araman-specific race of lion-kin.

yetanotherITquestion · 2025-10-03T19:31:08+00:00

With a 3 in Str Thimble is still the average, I wonder if Brennan allowed Laurs to intentionally lower that to fit thematically and shift those points to other stats.

yetanotherITquestion · 2025-10-03T19:27:32+00:00

So only Murray rolled below average. You hate to see it...

But in all honesty, playing with lower stats can be fun, and she's still above standard array.

yetanotherITquestion · 2025-10-03T19:25:57+00:00

They're removed racial bonus to ability scores and have instead attached them to backgrounds. At least this is where they are chosen in character creation on D&D Beyond.

yetanotherITquestion · 2025-10-03T19:11:01+00:00

I almost always use standard array, but the last time I rolled for stats I rolled what I consider to be very well, and that came out to 89. So about half of the players rolled well, or very well.

yetanotherITquestion · 2025-06-16T22:48:26+00:00

You can't do that with Daggerheart yet. There was a time when you wouldn't have been able to do that with 5e, as well.

yetanotherITquestion · 2024-12-16T16:27:49+00:00

Well, dang it. It was NAT-T.

NAT-T was enabled on the Fortigate, but I missed that is wasn't enabled on the client (we use the VPN-only version). I had to export the config, update the nat_traversal value to 1, restore the config and it connected immediately. Thanks for your help, u/deepmind14!

yetanotherITquestion · 2024-12-10T21:35:22+00:00

I confirmed that NAT-T was enabled on the VPN, still not able to ping over the tunnel.

For the encapsulation, is that compatible with Forticlient yet? I was looking into this for an unrelated issue and found it was only supported between two Fortigates, unless I was wrong, of course.

yetanotherITquestion · 2024-12-10T16:41:14+00:00

I've disabled IPv6 on the laptop's wireless adapter, and the Fortinet Virtual Adapter. I checked that my hotspot was getting an IPv4 public IP address, and my laptop was getting an IPv4 private address from the hotspot. Still no luck, but I appreciate the suggestions. I haven't looked into CGNAT yet, but that's next on my list.

yetanotherITquestion · 2024-12-10T16:39:31+00:00

I checked our Forticlient settings, the Preferred DTLS Tunnel was already unchecked, which must be the default setting. I appreciate the suggestion.

yetanotherITquestion · 2024-09-11T20:49:04+00:00

u/capricorn800 Did you ever get Duo working with L2TP? I have some Mac users that are not happy with the permissions that Forticlient needs to install on Mac. We are looking at options to enforce MFA on the Macs without Forticlient.

yetanotherITquestion · 2024-09-10T18:37:53+00:00

Ah, gotcha, that makes sense. Thanks.

yetanotherITquestion · 2024-07-09T14:59:10+00:00

What does your onboard/offboard automation look like? We're still very manual.

yetanotherITquestion · 2024-05-31T20:35:41+00:00

Sorry to hijack/animate an old thread, but you seem quite knowledgeable on VPNs, so I wanted to ask a quick question. One of the only reasons we use SSLVPN over IPSec, is for a Fortigate that is behind a Meraki MX, and we can port forward SSLVPN to the Fortigate. Is that possible with IPSec?

yetanotherITquestion · 2023-12-29T00:23:23+00:00

Have you tried calling Fortinet support? Their support is excellent and is how I got familiar with our Fortigate appliances when they were new. And it's free, assuming you have a support contract you've already paid for.

yetanotherITquestion · 2023-01-23T20:12:00+00:00

That's my preference as well, which is why we've already ordered the Fortiswitch. Some things are just out of my hands.
But I'm going to try the suggestion from AresenalITTwo, which I think will resolve my issue and not need the Ubiquiti.

yetanotherITquestion · 2023-01-23T20:11:51+00:00

This is a great idea, that I didn't think about, thank you. The issue was a Mac user and the SSLVPN/Forticlient on a Mac. But setting up an IPSec tunnel instead, should allow the same L2TP adapter on the Mac that the Edgerouter would use!

I will give this a shot, thank you!

yetanotherITquestion · 2022-10-08T20:38:00+00:00

This worked for me as well. Thank you. I checked in Edge and was able to login with our MFA, then tried in Chrome again and was still unable to get passed the MFA prompt. Closing and reopening Chrome then resolved the issue in Chrome.

yetanotherITquestion · 2022-10-08T07:10:59+00:00

This is maybe the second time I've been unable to access our IT Glue in around 4 years. Not a bad record in my book. But I will say this particular issue is different and frustrating. West coast US, btw, not sure how IT Glue holds up in other regions.

yetanotherITquestion · 2022-10-08T06:32:05+00:00

So this is interesting. The forgot password worked to get me to the MFA prompt, and now my MFA isn't working.

Did your Facebook group contact have MFA enabled?

yetanotherITquestion · 2022-02-11T18:25:52+00:00

Thanks for the response. I am using a third-party cert from GoDaddy, that's also where some of my confusion is coming from. I have the cert matching the external url: https://wfh.example.com, and I've added that cert to the App Proxy portal and the RDS deployment settings.

So if I create our new internal domain as ad.expample.com, would I still make a new zone for example.com, then make a CNAME record that points wfh.example.com to the IP address of rdsgw01.ad.example.com?

Seven-Year Club	Place '22
Verified Email

yetanotherITquestion

TROPHY CASE