What are some things that Fortinet is doing that you wish they would change? Post below and lets discuss!

Could not agree more. The most important thing is stability, without that you have nothing.

I 100% agree with what you are saying; I cant tell you how much time I spend reading release notes to make sure I get customers on a stable release. What is even worse, when the customer contacts support they don't admit the software is broke, and do an entire workaround. This has happened for filters and SIP traffic mostly; now I am having issues with DNS resolutions where the customer would have to restart the firewall for it to work.

Couldn't agree more and its not just Fortinet. From what I've seen this a knock of of more vendors moving to an agile process where developers rule the roost. When it comes to a Firewall that's the last thing we want. Like you said major releases for new features then smaller releases should just be bug fixes. Hopefully if this gains traction Fortinet can do something to fix this. Have you thought of linking to this video on linkedIn? Much more likely to gain traction when account reps see people in their news feed sharing issues with Fortinet.

I am working with Fortinet products at a partner for over 4 years, and I could not agree more. I also may add this: - Fix the goddamn documentation. Not just fill in the blanks, but the fact that there is some stuff in the docs and some other in KBs when it should be in one place. - Tech support: well, the intro of your other videos says it all. The usual stuff is “hello tac, I have a problem with VXLANs, here’s a wireshark capture that shows at offset xxx…”, and the reply is: “diagnose sys top”. - Pre-upgrade test: yeah, I know that there are release notes, but we can’t calculate mentally from such notes how the configuration will be converted, I’d be nice to just “preview” it before the upgrade. - Unlicensed VMs: the ones that we use at labs. Without a license they are very crippled (cannot add them to FortiManager, no VDOMS, five policies, etc.) to the point that they can’t be used with advanced stuff. Sure, I can request an evaluation license, but even when working at a gold partner this now seems to require a blood sample and a covid test.

Every video makes me a better professional, all thanks to you Mike, keep doing what you love most. Thank you.

I'm new with Fortinet products... thanks for taking your time to explain concepts and solutions, I truly appreciate it!i

Totally agree with you. One thing i also hate, is them changing FortiClient licensing every year. #StopThat

I don't mind change but I hate sudden changes where I end up going back to the new version documentation and search for new CLI commands that replaced the older ones that basically served the same purpose. Also stability is very important I hate upgrading the firmware and finding out something got broken and I have to redo it again.

Most agreed! Fortinet is Fortinet's worse enemy.

Thank you for verbalizing this! I've been going nuts with upgrading sub-versions to fix a bug only to find more bugs.

and answering your question: Exactly that's what they should change. Never knowing if a device is still doing what it's intended to, after every single update is a huge pain in the ass...(and makes the cost-efficient devices not so cost-efficient from an administrative point of view).

I can certainly understand the frustration and I'd be peeved too. I've notice with all the bugs they fix there seems to be just as many if not more new bugs...I often wondered how that can be and why. I'm at 6.10 now, mainly because if I upgrade beyond this I lose my free 10 user FortiClient license. I had I known they were going to do this I would not of upgraded from the 60D to the 60F, but it is what it is. The 60F is for home and work, gets pretty expensive for all these licenses. Anyway as always, enjoyed the video. I don't know what the problem is with people regarding your hair, I though it looks good.

I think what you're suggesting is great. The bugs in all the different versions of 6.2 have been awful. 6.2.3 TCP MSS issue when using PPPoE, broke all my streaming devices. 6.2.4, dumpster fire. 6.2.5, web filtering with flow mode policies basically stopped working. 6.2.6, got lots of IPSec tunnels? Yeah, those are gonna have issues. I'm not even sure what new features I received between all those updates that weren't on 6.2.0, all I know is the bugs caused major issues.

Keep on doing what you love! Thanks for that huge input every video.

I agree with you 100%. Only just this week I upgraded a customer from 6.0.6 to 6.2.4 and it broke SSL VPN group matching, Fortinet then advised to downgrade to 6.2.3. Also IPS seems broken on 6.2.3 on a LB VIP which was working perfectly fine on 6.0.6

Hello; Been working with fortinet's product for over 6 years now. I agree with you 100%. I had a mayor headache last week because a 100E (6.2.3) wouldn't assign the correct dns servers (doing split dns) whenever the user connected using the forticlient.

Hi Mike, I agree with what your saying. And I would expect that most of the engineers that work at Fortinet do to. These early releases should always be betas and come with an installation warning. I suspect even the Devs are screaming at the marketing teams... don't realise it ... Give is more time..!!

All software venders need to stop doing this.

What i really hate about new Firmware - they have "know issues", and when i read for example "Known issues" section of 6.4.4 - i have a huge question, why its not getting fixed? They fix something here and there, but in the same time they add something here and there. But why you add something new, when there is huge "known issues" list?

Could not agree more. This is why the ISP I work for currently operates 6.0.10 across the board.

I can relate on this. we are in a running environment then suddenly there was an issue for stability. which give us to many negative feedback from the customer and the management. I totally agree Guitarguru / FortinetGuru

I demand stability!!! Its a simple concept Fortinet

100% agree, stick to the old life cycle management / patch management method.

That's funny. I laugh the part about your hair. LOL. I agree with stability.

Totally agree! I have a FortiGate 200E completly unmanageable running FortiOS 6.2.3 (6.4.0 already available at the time) at 4:30AM with near to nobody consuming resources. No DoS, no high CPU, less than 20% of RAM usage. It simply stopped, 100 miles away from me, on a weekend, with my backup person at vacation. Since this, I'm simply afraid of being happy with all really interesting new features.

Hello Sir. I'm watching all your videos.Thank you very much. Sir could you please upload Failover IPsec vpn Configuration. Means if Head Office One link(ISP) is down that time automatically up second link(ISP)

I agree! They should only release new features in the major release and the remaining sub revisions should be to stabilize the major release.

Spot on! Recently we've been dealing with some very wacky issues with AOPVN (Microsoft's Always On VPN - don't judge too harshly, it's a fit for the environment ATM and it's something we'll review going forward). Long story short, our MSP has kept on pushing us to go the latest version to fix the problem but have each time asked for the evidence that backs up their claims that it fixed our issues (slow SMB traffic over the VPN) but they kept coming back with "it should fix it" without any real evidence to which I said a big NO. Since we've gone down the Fortinet path (very recently I might add) we've made a strong point to read the release notes and honestly it's been horrifying when you read the known bugs section! We're on 6.2.3 code and are probably going to wait for 6.2.5 and re-evaluate then. Still working on the issue but I'm not upgrading unless its for a very good reason.

I couldn't agree more, I back FTNT everyday in my professional life and we never had issues, but since 6.2 it's a joke, we are stuck at 6.0.10. It's not the only silly thing Fortinet have done lately but it's the most frustrating.

Too new to know the issues of features you speak of, however it sounds like Forti OS is the router OS as to Windows 10 lately. I agree, test your product, do not push until stability is there. And for the love of anything, stop letting your end users be the testers of your product. If we are your testing team then we need to be compensated for it.

Hi Mike, really enjoying your videos. I work for a service provider that has Fortigates out in the wild but managing them all centrally has been a challenge. Would you suggest using FortiCloud management? I video covering touching this topic would be very helpful. Thanks!

Totally agree with this. Also it does not even stop with new features. I don't understand why they have to mess with functionality inside a major branch. For example jumping from 6.2.1 to 6.2.2 in interface admin access you previously had CAPWAP + FortiTelemetry which was substituted by single "Fabric". Not a big deal if you always configure equipment by hand but if it's done via automation, these small changes will bug the hell out of you. Also the same patch introduced forced cam. voi. etc. interfaces creation when you enable your switch controller. Again have to rewrite all ZTP-templates. 6.2.3 is introduced, ZTP breaks again because of interface admin access changes not applied to an interface what is operational during auto-link. Oh yes, did anyone notice that in 6.2.3 the "allow intra-zone traffic" button worked the wrong way around? In early 6.0.x -patches you could not change VLAN-tagging of multiple ports at the same time and initially they told that the fix would not be even in 6.0 -branch but luckily they came to their senses. These are just few examples which I remember (the details might not be right) but lately I've been a bit paranoid about applying software updates to any FortiProducts.

Got another one... 6.4.1 was released for FortiGates weeks before 6.4.1 was released for FortiManager, and 6.4.1 is a REQUIREMENT on FortiManagers for FortiGates managed by the FortiGate. It's almost as if two different companies shoot for the same release date, but then don't communicate with each other.

Word! :) I couldn't agree more!

As somebody thats nse 1-7 certified I highly agree.... we only approve upto 6.0.9 currently as we can't afford the pain of bugs

Hah! That's funny you mentioned you hair. I guess that means I don't need to start the GoFundMe page for Mike's haircut. Kidding! (kind of) Seriously though, yeah stability is very important. I usually upgrade when either 1) the current version has some serious security issues, or 2) the new version has some compelling features that might be beneficial to implement.

I totally agree 👍🏼

You have great hair. They are just jealous!! 😂🤣

Hi Forti Guru i'm new in Forti stuff, intending to deploy Fortinet in my company. what would be according to you the recommanded Version 7 release for a maximum of stability ? thanks :)

You be you Mike!

i love ur videos, keep ur work

I understand and appreciate your views. However, if you look at PAN's .0 known issues, it far exceeds the .0 known issues that Fortinet offers. PAN introduces new features in .1 for example. I think companies have to address market demands and sometimes every vendor must release code that is not optimal. Look at cisco iWAN on the ISR routers. I appreciate all views from all sides. that's all.

Totally agree.

Fed up with being Beta testers each time we update and (even with limited skillset) having to second guess Fortinet support when they advise crazy stuff...after updating to 6.4.0 from 6.0.7 a bunch of rules "broke" as they changed from "Proxy" mode to "Flow" mode - Forti support suggested that uploading the 6.0.7 conf file would resolve the issue :-( Fortigate support saying that certain tasks are not supported (such as FW downgrade) and yet they provide detailed instructions on how to do it! Would really appreciate a video on the easiest way to 'move' a port (and corresponding ruleset) - we are about to update to a 10G internet pipe which means that the current port/connection will need to be moved (we don't use zones).

i am sure i sat in a Fortinet product pitch were they promised that this is how they will do it from now on but yes we can only dream

Features are great...when you expect them. We used to wait to upgrade to a new code version until .3-.4 or whenever they stabilized. Now its a total crapshoot. We shouldn't have to pick between fixing 1 bug while introducing 2 more or just living with it as-is. Slow down your feature releases Fortinet and just fix what's out there.

I agree.

That's a bad idea if they did that. We have to stay within a code level and not add features mid-stream.

6.4.1 has been madness... FortiManager and FortiGates... SSL inspection broken?! Can't diff policies in FortiManager?! AKKK!!! Does FortiNet test anything? "don't upgrade until ?.?.4+ is available" is something I've heard from MANY different sources (I only updated to 6.4.1 because 6.2.3/6.2.4 was also a mess). So, to answer your question... I wish they would change from seemingly not testing... to TESTING!

where did you get this t-shirt, I really need it :D

Could you make a video (or reply below) what do you think about and expect from 6.4 branch? I follow reddit and Fortinet forums and compared to 6.2 it seems much more stable. I'm thinking about skipping 6.2 and upgrade directly to 6.4 (I want the consolidated IPv6 policies).

Agree, I don't undertand the need to release untested software

Everyone that works with fortinet agrees.

Agree

Since losing my hair in 2005, I have refrained from ridiculing anyone's hair.

I have to agree that 6.2 has been of unusually poor quality. I'm hearing that 6.2.5 should fix a lot of the major issues. Also, 6.4 is effectively a new platform/design and this is why it seems much better than 6.2 even from the outset.

u rock men! crazy fucking hair!

Fortinet took away free labs for the partners and I really hate that.

This was a funny into :)

And they have promised to do so many times. 5.2 had the same issues. 5.6 and 6.0 where better bit 6.2 and 6.4 are bad. They have a history like this because 4.2 was also not good. Maybe 6.6 will be better again?

great haircut btw...😁

So, you don't care what your customers think? Interesting philosophy ...

I think Trump and Fortinet have something in common, stability in the next level...please!