IPSec Dialup w/ Entra Auth via Fortimanager?

Hi all,

I'm new to Fortinet products so forgive any obvious answers I'm oblivious to.

I have two 121G's managed via Fortimanager. I need to set up a basic dialup IPSec tunnel for Forticlient Free usage on Windows on just one of the 121G's. I need to get Entra auth working for this tunnel.

From what I understand, even though it seems easier from the outset - if I try just setting up this tunnel on my Fortigate directly, when I push out Device Setting/Policy Packages via Fortimanager, things are going to be overwritten that I configure directly on the target Fortigate as Fortimanager will not have any way of pulling things like the Entra SAML objects and what not back up into Fortimanager.

Unfortunately, documentation on this specific implementation with Fortimanager in the mix is pretty scarce and from what I see the VPN Manager doesn't really expose what I need with my Entra SAML config I want. Does anyone know of any documentation that'll point me towards how to get this set up correctly or if I'm misunderstanding Fortimanager's role in this case? Can I actually just set things up directly on the target Fortigate and Fortimanager won't overwrite what I think it will?

I imagine throughout this I'll have to set certain things up directly on the Fortigate, go back to Fortimanager to reference those and set up interface settings, etc. Back and forth more or less. It's just a lot for a first timer setting up a tunnel and I'm way in the weeds. I typically read the hell out of documentation before diving in, but I seriously can't find anything solid for this specific implementation.

Thanks for any suggestions or hints on how to move forward.

reddit.com
u/Snot-p — 9 days ago
▲ 2 r/meraki

Dashboard showing "DNS cache overflow"?

Anyone else getting this? My orgs dashboard is just getting a static "DNS cache overflow" message. All systems "Operational" according to status.meraki.net..

reddit.com
u/Snot-p — 10 days ago

Sharepoint Online - Retiring SPO OTP and moving to Entra B2B...is this as big of a nightmare as it looks? (MC1243549)

So this is likely on me. I'm unsure if this is hitting other people unexpectedly - but MC1243549 just hit us today where Sharepoint Online external sharing with a OTP sent to the recipient email is gone.

I have a lot of people messaging me demanding to know what I changed with me going "nothing". Now again, this is likely on me as this was probably floated for a while but it just simply escaped me.

From the exterior...MS has now retired SPO OTP and is REQUIRING Entra B2B guest collaboration for sharing a link. My first instinct, are you fucking kidding me? So now every single time someone external is sent a link via "People you choose" sharing - I need to enable auto guest creation and my Entra users list is going to be flooded with potentially thousands of guest accounts with zero indication of how to even manage these?

What. The. Fuck.

I have guest collaboration turned off unless explicitly created via admins with roles. Am I overreacting? Has this hit any of you as well?

I need a drink.

Edit: It gets better. I'm also failing to realize that these guest accounts need to satisfy my MFA requirements. Holy fucking shit.

reddit.com
u/Snot-p — 2 months ago