Hi Toshi. Just curious about your use of a zone with the parent physical interface and child vlan interfaces. You mentioned you were using it for tagged and untagged traffic? I wondered if you had the child vlans in a different zone than the zone the parent physical interface was in? I ask because I had considered something similar a while back to deal with untagged traffic but found a different solution (switch based).
No worries if you don't feel like posting about it! Cheers.
I believe we did it before at least for one customer even if we don't have now to separate corporate subnets/network from non-corp subnets/network and put them into separate zones. FGT just handed off all non-tagged/tagged VLANs over one port to an L2 switch(es), and all devices, including WiFi APs, are hanging off the switch. Obviously only one zone can have the parent interface, and the other one doesn't have it as a member interface.
To create zones there is no distinction between a parent interface and VLAN subinterfaces, until this problem was introduced.
I updated a 60D this morning from 5.6.4 and it did not go well. After rebooting, none of the interfaces passed traffic and I was unable to log in over console. The error that kept showing up was something along the lines of "unable to lock lockdb".
After rebooting the device a second time, everything was fine. Unfortunately for me, I decided to chance doing an update when I was not onsite with the device and wasn't able to go physically power cycle it until it had been down for a few hours. Lesson learned. And I'll probably be investing in remotely controllable power outlets.
I would never do an upgrade to a new version I have never experienced before without staring at the console output, often saving it into a file so that I can attach it to a ticket in case I need help from TAC, regardless of whether on-site or remote (always have console access via a terminal server if remote). If that's not possible, at least experience the same upgrade first with whatever FGT we have in the lab.
I'm just curious, but what version did you upgrade the 60D from? 5.4.x?
"SSL VPN standalone client no longer supports the following operating systems:
Microsoft Windows 7 (32-bit & 64-bit)
Microsoft Windows 8/8.1 (32-bit & 64-bit)
Microsoft Windows 10 (64-bit)
Virtual Desktop for Microsoft Windows 7 SP1 (32-bit)"
Does this refer to the FortiClient, and if so, does anyone have any idea why Fortinet is dropping support for it?