|
Gerdalti posted:Anyone have any suggestions on an easy to setup and deploy VPN solution? We'd been using SonicWall, but the hardware finally bit the dust. If it's for domain-joined Windows clients then go with DirectAccess.
|
# ? Jun 23, 2017 16:08 |
|
|
# ? Apr 20, 2024 02:18 |
|
Gerdalti posted:Anyone have any suggestions on an easy to setup and deploy VPN solution? We'd been using SonicWall, but the hardware finally bit the dust. We use fortigate's and forticlients at multiple clients and in our own office and we don't have any issues. Are you on old firmware? Using an older version of forticlient? What fortigate do you have?
|
# ? Jun 23, 2017 16:10 |
|
Thanks Ants posted:If it's for domain-joined Windows clients then go with DirectAccess. I've never had the Fortinet issues be that bad for issues that weren't user error or somehow related to the way it was set up. Occasionally there's an authentication problem, but that's usually an out of date FortiClient. What firmware are you running on the Fortigates? DirectAccess is really good, but I wouldn't necessarily call it easy to set up (maybe I'm just bad though).
|
# ? Jun 23, 2017 16:34 |
|
Thanks Ants posted:If it's for domain-joined Windows clients then go with DirectAccess. Unfortunately, we're running a mix of Win 7 Pro and Win 10 Pro, not Enterprise. Otherwise this is the option I'd take. MF_James posted:We use fortigate's and forticlients at multiple clients and in our own office and we don't have any issues. Are you on old firmware? Using an older version of forticlient? What fortigate do you have? ChubbyThePhat posted:I've never had the Fortinet issues be that bad for issues that weren't user error or somehow related to the way it was set up. Occasionally there's an authentication problem, but that's usually an out of date FortiClient. What firmware are you running on the Fortigates? Fortigate 100D running v5.4.2,build1100 (GA) - I probably need to update this over the weekend to 5.4.5 FortiClient 5.4.3 The VPN tunnel is literally built using the wizard, the client is deployed using EMS, and the tunnel information is pushed to the client using EMS. I feel like that should all be pretty straightforward. My site-to-site VPN stuff is super solid with the 100D, but the client stuff just seems to suck. I wonder if it's worth opening a ticket with them.
|
# ? Jun 23, 2017 17:25 |
|
Yeah that seems like a good excuse to bump to 5.4.5, but I can't say for sure that will fix the issues you are seeing. Maybe start with that and see if any further digging is required. Do your logs show anything of value when users fail to connect or disconnect from their session? e: Also what percent does the client fail to connect at?
ChubbyThePhat fucked around with this message at 17:37 on Jun 23, 2017 |
# ? Jun 23, 2017 17:34 |
|
Gerdalti posted:Anyone have any suggestions on an easy to setup and deploy VPN solution? We'd been using SonicWall, but the hardware finally bit the dust. SoftEther looks like a dodgy as hell software product but that's just how Japanese software is and is not something to be concerned about. We've used both for separate solutions here and I can recommend either. My suggestion is if you're giving something to end users for them to use, SoftEther is easier to get going but kind of sucks afterwards. OpenVPN is easier once you get it set up (right click on taskbar icon, hit 'connect', done) but getting to that point is more of a challenge than with SoftEther. They both have their pros & cons so it's really just a case of you having to weigh the two against each other.
|
# ? Jun 23, 2017 18:05 |
|
I guess I'll spend a few days trying to get FortiClient working first, then dig into the other two.
|
# ? Jun 23, 2017 18:19 |
|
Sickening posted:Nothing says confidence in your new position like "contract to hire". Nothing turns me off a position faster. Rarely see it anymore in the jobs I would consider anyway because I am sure people who make that kind of money also nope the gently caress out too. My previous job was technically CtH, and it was billed as "we get to know you, you get to know us and we make sure it's a good fit" for "a couple of weeks" which didn't turn me off too much. It also lasted a week and a half before they made me full-time. Then some guys hired after me were contractors for ~a month, which I would not have gone for at all, especially since it was just at the same rate as the full-time salary would be.
|
# ? Jun 23, 2017 18:22 |
|
Sickening posted:Nothing says confidence in your new position like "contract to hire". Nothing turns me off a position faster. Rarely see it anymore in the jobs I would consider anyway because I am sure people who make that kind of money also nope the gently caress out too. Definitely understand and I used to have the same reservations, but I've had really good luck with the recruiter I'm using (they're IT-only and like the second largest in my region). And the company I'm going to be working with has a good track record of hiring people before the 3 month deadline is up, quite a few guys I talked to said they were brought on permanent within 4-6 weeks and a couple actually got promoted within a year afterward.
|
# ? Jun 23, 2017 18:28 |
|
BOOTY-ADE posted:Definitely understand and I used to have the same reservations, but I've had really good luck with the recruiter I'm using (they're IT-only and like the second largest in my region). And the company I'm going to be working with has a good track record of hiring people before the 3 month deadline is up, quite a few guys I talked to said they were brought on permanent within 4-6 weeks and a couple actually got promoted within a year afterward. Sometimes it's a matter of budget as well. Where I'm at contractors go in the CapEx budget, but full-time positions are in the Personnel budget. It's easier and faster to get funding for a contractor than for a new position. It's also easier to secure the funding for a new position/hire if they're already being paid as a contractor.
|
# ? Jun 23, 2017 19:52 |
|
Yesterday my coworker, who is in the exact same IT position I am, came to me and asked if we were able to convert .doc files to .docx. Then he asked how to do it. Then he told me he had a .doc file someone had sent him that Word couldn't open and was popping up that "select encoding type" dialog, and if I thought saving it as a .docx would fix that. I really don't understand how this guy is in this field. This even beats the time he didn't know what ping was.
|
# ? Jun 23, 2017 20:27 |
|
Gerdalti posted:I guess I'll spend a few days trying to get FortiClient working first, then dig into the other two. I would 100% get on with their support, usually it's pretty good (I'm sure you've had to call them before) and they've really done a lot of work on making it better, or at least you don't sit on hold as long, but out of the 20 times I've called them I've had maybe one bad engineer.
|
# ? Jun 23, 2017 20:35 |
|
MF_James posted:I would 100% get on with their support, usually it's pretty good (I'm sure you've had to call them before) and they've really done a lot of work on making it better, or at least you don't sit on hold as long, but out of the 20 times I've called them I've had maybe one bad engineer. On the other hand, you have had to call them 20 times.
|
# ? Jun 23, 2017 20:36 |
Knormal posted:Yesterday my coworker, who is in the exact same IT position I am, came to me and asked if we were able to convert .doc files to .docx. Then he asked how to do it. Then he told me he had a .doc file someone had sent him that Word couldn't open and was popping up that "select encoding type" dialog, and if I thought saving it as a .docx would fix that. There are a lot of people who skate by doing exactly what he's doing. Float around and be useless while your co-workers do the real work.
|
|
# ? Jun 23, 2017 20:45 |
|
RFC2324 posted:On the other hand, you have had to call them 20 times. I mean, I was told to support around 20 of them, without knowing a drat thing about them, so yeah, I had to call their support a bunch because I got trial-by-fire with no information and no time to learn them, I don't even have a loving test device that I can gently caress around with, it's 100% my companies fault I've had to call them 18 out of the 20 times in the last year.
|
# ? Jun 23, 2017 20:49 |
|
Haven't Fortinet sort of abandoned the 5.4 stream? It was ambitious, launched before it was really ready, and now 5.6 has arrived. I had issues with IPsec tunnels randomly dropping on 5.4.5 and moved to 5.6.0 about a month ago.
|
# ? Jun 23, 2017 21:47 |
|
In today's Misadventures in Userland: User 1 got into her remote office and her desktop's USB wifi adapter wasn't working. Had her move it into another USB port, started working again. So far, so good. A little bit later, she puts in a frantic ticket. She has Microsoft on hold and needs the admin password to let them remote in. I remote in myself and am immediately greeted with "YOUR COMPUTER IS INFECTED. PLEASE CALL MICROSOFT AT 1-855... SECURITY ALERT. YOUR IP ADDRESS..." blaring through my speakers. "Did you call Microsoft?" "Yes! They're still on hold!" "But did you call actual Microsoft, or the number on this popup?" "The number on ... ohhhhh" ------------------------------------------- User 2 has been failing to grasp that she can't do a Skype meeting from an RDP session into her office PC, as she can't expect that computer to see or hear her. I invite her to send me a meeting invite to test, I join the meeting and remote into her home PC. She still cant understand why Skype is showing a picture of her empty office at work. This after repeated explanations (in writing!) why that won't work, installing Office via 365 on her home PC to have Skype4Biz available, and a step by step how-to of joining a Skype meeting from home. And she even says to me, "I'm not a moron!"
|
# ? Jun 23, 2017 21:49 |
|
Well this was an interesting time to come back to the thread, considering I'm ready to roll out FortiClient next week after successful testing
|
# ? Jun 23, 2017 21:53 |
|
MF_James posted:I mean, I was told to support around 20 of them, without knowing a drat thing about them, so yeah, I had to call their support a bunch because I got trial-by-fire with no information and no time to learn them, I don't even have a loving test device that I can gently caress around with, it's 100% my companies fault I've had to call them 18 out of the 20 times in the last year. So they have good support, and what seems to be a solid product, but the online documentation is lacking? https://www.youtube.com/watch?v=VakU20APPdw
|
# ? Jun 23, 2017 22:11 |
|
Sickening posted:Nothing says confidence in your new position like "contract to hire". Nothing turns me off a position faster. Rarely see it anymore in the jobs I would consider anyway because I am sure people who make that kind of money also nope the gently caress out too. It's fairly popular in IT these days, since you can see how you fit with the team, and they can see if you're a horrible spergy goon that takes a month or two to revert to type. My job does that for the new L1 techs, and it works pretty well, some are good, some are let go because they're smug fuckheads who either escalate or just close tickets without resolving the issue.
|
# ? Jun 23, 2017 23:22 |
|
Gerdalti posted:Anyone have any suggestions on an easy to setup and deploy VPN solution? We'd been using SonicWall, but the hardware finally bit the dust. We use fortigate/forticlient for about 80 full time remote workers and another 200 employees who check in from home and have have maybe 1% failure rate, and it's usually something stupid like other intrusive VPN software still installed (looking at you AnyConnect).
|
# ? Jun 23, 2017 23:56 |
|
RFC2324 posted:So they have good support, and what seems to be a solid product, but the online documentation is lacking? Yeah their online documentation is fairly awful, though it IS getting better, they're actually making a big push to document their CLi as well. Thanks Ants posted:Haven't Fortinet sort of abandoned the 5.4 stream? It was ambitious, launched before it was really ready, and now 5.6 has arrived. I had issues with IPsec tunnels randomly dropping on 5.4.5 and moved to 5.6.0 about a month ago. All of our stuff (everything from 60C-200Ds) are on 5.2.10 which seems pretty loving solid, we haven't had any issues since upgrading.
|
# ? Jun 24, 2017 00:00 |
|
We've pushed three of our firewalls to 5.6 so far, running smoothly. We're going to upgrade the main corporate firewall this weekend and I'm sending out 15 50Es to home workers so we can take control of QoS for them and have insight into their home networks.
|
# ? Jun 24, 2017 00:38 |
|
I'm amazed how much poke the smaller Fortigates have to be honest
|
# ? Jun 24, 2017 00:51 |
|
Let me tell you about loving contract to hire. I got my current job about three years ago as a contractor on a six month contract, with a promise of hiring on at the end if I worked out. I've heard this a lot before so I knew that might not actually be true, but I took the job anyway because I needed it and it was at a really good place to work. Six months roll past, I am the best fuckin tech they got, the users love me, I clear more tickets than anyone, I'm friends with my coworkers, it's great. However, this is a state job. State HR hiring policy states that every permanent job be posted publicly for two weeks and that if there's an applicant who was laid off from another state job in the past six months, they get priority hiring. This is an immutable truth. So they post my job, and a lay-off applicant applies. They end up closing the position and keeping me on as a contractor. They up my pay to what I would be getting as full-time, which means they must be giving the contracting agency a fortune. Six months later, this entire thing happens again. And six months after that. Finally, two years into my six month contract, they manage to hire me permanently. I appreciate my bosses being dedicated to keeping me on, but holy poo poo what a clusterfuck that was.
|
# ? Jun 24, 2017 01:57 |
|
Methylethylaldehyde posted:It's fairly popular in IT these days, since you can see how you fit with the team, and they can see if you're a horrible spergy goon that takes a month or two to revert to type. My job does that for the new L1 techs, and it works pretty well, some are good, some are let go because they're smug fuckheads who either escalate or just close tickets without resolving the issue. You can already do that with a full time hire. Being more on the other side of things myself and seeing the costs of hiring an employee I don't even see a cost savings benefit that is even worth the risk of turning away better candidates.
|
# ? Jun 24, 2017 03:34 |
|
Enola Gay-For-Pay posted:Let me tell you about loving contract to hire. This is the stuff I worry about with c2h, especially benefits. From my understanding, contractors generally don't get healthcare, PTO, sick leave, etc. Those are pretty difficult to replace, and would require a substantially higer salary to match.
|
# ? Jun 24, 2017 19:59 |
|
i'd consider contract to hire if you just offered me the job straight up based on my resume, no interviews no nothing just straight to $$$ negotiation if you want me to go through your hr process then i expect an actual full time position at the end of it
|
# ? Jun 25, 2017 07:18 |
|
JewKiller 3000 posted:i'd consider contract to hire if you just offered me the job straight up based on my resume, no interviews no nothing just straight to $$$ negotiation How do you feel about Nikolai Fuckharin's posting?
|
# ? Jun 25, 2017 13:22 |
|
Enola Gay-For-Pay posted:Let me tell you about loving contract to hire. There's where a lot of your difference is - state/government jobs have way different rules and loopholes that a lot of other regular companies don't use. Most of the IT jobs I've had that are contract or contract to hire have a definitive end date and are usually pretty open about whether or not someone's a fit. One of the best IT contract to hire jobs I ever had was back working for a regional midwest bank, the only reason I didn't take it was because I ended up moving out of state to help family during a tough time. Otherwise I loved it and they went out of their way to accommodate me and try to work something out and it was an amazing place overall.
|
# ? Jun 25, 2017 17:23 |
|
"But you didn't say in the e-mail that this wasn't customer affecting! We just spent the last 20 minutes looking into something that wasn't actually an outage" yeah actually that was intentional not sorry
|
# ? Jun 26, 2017 12:32 |
|
Renegret posted:yeah The group I escalated to was very unhappy with that answer. They were also very unhappy I didn't call them to tell them I sent an e-mail and lmao it's not my job to tell you to check your e-mail gently caress outta here. If you want a ticket to stay in ticket purgatory in this company, you tell groups that it's not customer impacting. Then the ticket will stay there for three years until someone like me does some house cleaning and just closes it so we don't have six thousand tickets open. Renegret fucked around with this message at 12:37 on Jun 26, 2017 |
# ? Jun 26, 2017 12:34 |
|
If there are enough customer impacting tickets open to backlog non impacting tickets for three years, something is seriously wrong with whatever you're supporting.
|
# ? Jun 26, 2017 15:08 |
|
Judge Schnoopy posted:If there are enough customer impacting tickets open to backlog non impacting tickets for three years, something is seriously wrong with whatever you're supporting. If product owners are given too much power (and they suck), they can force enough new feature work that even some customer impact work is de-prioritized.
|
# ? Jun 26, 2017 15:47 |
|
Judge Schnoopy posted:If there are enough customer impacting tickets open to backlog non impacting tickets for three years, something is seriously wrong with whatever you're supporting. The problem is that people aren't held accountable for their queues. I'll open a ticket for, let's say some random rear end VM at 90% memory utilization. I open a ticket, tell the owners, and they add some memory. Then they never bother telling me that they did anything and the ticket sits there in limbo forever until someone starts going through the old stuff. We're a big company with several million customers, we have automated systems opening and closing hundreds of tickets a day. If it's not an outage ticket, it can easily slip through the cracks if you don't bust balls. People at this company don't understand what tickets are used for and just treat my department like we're a bunch of god drat ticket secretaries. I 'm constantly fighting it, but it's a losing battle because that's what my own manager thinks I am too.
|
# ? Jun 26, 2017 17:10 |
|
Renegret posted:The problem is that people aren't held accountable for their queues. I'll open a ticket for, let's say some random rear end VM at 90% memory utilization. I open a ticket, tell the owners, and they add some memory. Then they never bother telling me that they did anything and the ticket sits there in limbo forever until someone starts going through the old stuff. We're a big company with several million customers, we have automated systems opening and closing hundreds of tickets a day. If it's not an outage ticket, it can easily slip through the cracks if you don't bust balls. That's awful. Our manpower is based on how many tickets are logged with us, plus any heads specific customers want to pay for, but aged tickets, raised over 3 weeks ago, is a KPI for the desk, and one which we have under control. (Only 30 of our tickets are over that threshold, and that has been fairly static for 4 months or so.)
|
# ? Jun 26, 2017 17:20 |
|
Time to write a script to do your job and just show up to click run and collect a paycheck. Or outsource your own job through a VPN and do contract work at your desk.
|
# ? Jun 26, 2017 17:36 |
|
mehall posted:That's awful. Aged tickets for us is over 4 weeks and we originally had over six thousand of them before a recent push to bring that number down. Right now we're at 1029 which is a huge improvement, but without some sort of process change that number's only going to go up again. (Depending on the day we go through around 600 tickets/day so relatively speaking 1,000 aint so bad) My wildly unpopular solution is just to bill departments for open tickets because money is the only thing that makes people do anything around here. We're only treating the symptom here by reviewing old tickets. The problem is a lack of accountability on non-outages.
|
# ? Jun 26, 2017 17:49 |
|
Renegret posted:The problem is that people aren't held accountable for their queues. I'll open a ticket for, let's say some random rear end VM at 90% memory utilization. I open a ticket, tell the owners, and they add some memory. Then they never bother telling me that they did anything and the ticket sits there in limbo forever until someone starts going through the old stuff. Oh look someone else has the same job I do!
|
# ? Jun 26, 2017 20:28 |
|
|
# ? Apr 20, 2024 02:18 |
|
Renegret posted:My wildly unpopular solution I've made some wildly unpopular suggestions that would make HR do anything at all ahead of the start date of a new hire at my place and christ on a cracker management acted like I a suggested they fire up the ovens and start rounding up minorities.
|
# ? Jun 26, 2017 23:52 |