Good morning all, I encountered something yesterday that has me really
scratching my head. In 6.0.x I had set a bunch of policies with
match-vip enable that no longer appear to have that setting in the CLI.
Furthermore, when I go to add it to a polic...
I've got an interesting scenario for any folks using BGP on their
FortiGates (or possibly any devices). We have two ISPs, but the
connections are highly asymmetrical so we investigated both BGP
Conditional Advertisement and using AS-prepends to preve...
I think you've summed up the last 20-30 years perfectly. I AM doing some
IPv6 things and try to design all new networks to run dual-stacked but
ultimately it is twice the work, yes. Just doesn't seem to be worth it.
I tried one time a couple years ag...
That's not how FGTs in HA work (they don't act like a switch stack but
more like routers using a redundancy protocol). You need two different
port channels on the Cisco side. 1 for the primary FGT and 1 for the
secondary. At that point there's not re...
You can send emails to a Slack channel though so that *would* work I
think. Do you not like the formatting when you do it that way? I can't
say I'm familiar with the actual Slack automation stitch...it's just a
way I started getting alerts from a var...
We use a public wildcard certificate. *..com As long as the
management interface is given an internally resolvable DNS name that
matches that prefix, any cert warnings go away. We do this for many of
our internal systems. Certainly an AD-based CA wou...
Someone else can correct me if I'm thinking wrong, but based on what
you've described I think the same clients that are allowed to game
during that time are matching a different allow rule farther down that
doesn't allow them to, right? When the sche...
