Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG1kc
New Contributor

Features that you would like to see

Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
114 REPLIES 114
Carl527
New Contributor

The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port.
Maik
New Contributor

The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port
Not needed: You can create a port-forwarding VIP for that: Public IP, 443 -> 10443. This goes into a WAN to WAN policy
brianmac64

The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port.
You can use a VIP to accomplish this... EDIT: Whoops, this has already been answered. Move along, nothing to see...
moo?
ede_pfau
Esteemed Contributor III

Using local-in policy in FOS 5.x, you should be able to redirect the destination port via VIP. Would be worth to try.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
netmin

The current ssh proxy - from what documentation provides, a sort of rfc6187 (?), is not suitable for most sftp implementations (and clients). So a VIP of server-type: SSH/SFTP would be very valuable. - upload a public and private ssh key to the FGT for each VIP - authenticate firewall users by pub key, password or both - authenticate ldap users by ldap stored ssh pub key, password or both - act as a trusted host to the backend server - authenticate to the inside using VIP pub key, password or both (a.k.a. RequiredAuthentications2 on RHEL, implemented by many current SFTP solutions as well) - be able to scan/block, what' s passed through the FGT without requiring rfc6187 certs, servers or clients.
Faulty_Male
New Contributor III

I have to agree with the comments about less bugs on software. Fortinet need to focus on testing before deploying software Memory issues always seem to be a problem and everything is going to be fixed in the next patch/release. This is just not good enough. I would also like to see a consistent look and feel across the product range - Fortigate / Fortimail / Fortianaylser, they do not look the same - why? Are these all developed by different teams who don' t speak to each other? Support also needs to get better and be quicker. Also stop adding new products that distract from the core. I know this is not really fortigate related Merry Christmas
Dave_Hall
Honored Contributor

Not so much a feature request but I would like to see a simple migration/scripting/validation tool for converting config files from model/firmware to another model/firmware. Just some suggestions on what this tool could perform... - validate current config for a target model/firmware version - suggest possible target fgt devices (and firmware) - step by step upgrade/downgrade firmware path for both source/target fgt model/firmware - links to patch notes for target firmware - list possible " gotchas" /migration issues - provide a simple port mapping/renaming scheme (auto renames source ports to target ports on target fgt) - backup/restore certain sections (e.g. replacement messages, urlfilter, Fortiguard web profile, etc.) - visual diff of before/after firmware upgrade (output similar to WinMerge) From a programming aspect, the program/tool would mostly draw on an internal database/lookup table of fgt devices (features/ports/compatible models/firmwares, etc.) At minimal, this tool could simply be a parsing/look up tool to aid in deciding a possible upgrade/firmware path for your current or updated fgt device.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc
Esteemed Contributor III

- step by step upgrade/downgrade firmware path for both source/target fgt model/firmware - links to patch notes for target firmware - list possible " gotchas" /migration issues
Those three are pretty much convered in the software release note details. Fortinet seems to have done a good job tell us how to migrate between marjor release. An dhow to downgrade between major versions. And the gotchas are typically listed in details on these same notes. I agree on diff, the lack of a configuration diff on appliance is really bad. Fortinet approach has been to use the fortimanager, but that' s not a easy to sale devicve. I guess for now you have to dump the config and do it old fashion way What would be a great tools wizzard for building vpn between fortigate and some other devices or another fortigate. Juniper has start their own and I' m really surprised that wiith all of the VPN problems person encountered, that fortinet has made a simple vpnwizzard builder as a onboard wizzard or a website tool.

PCNSE 

NSE 

StrongSwan  

Jordan_Thompson_FTNT

I agree on diff, the lack of a configuration diff on appliance is really bad. Fortinet approach has been to use the fortimanager, but that' s not a easy to sale devicve. I guess for now you have to dump the config and do it old fashion way
This can be done directly from the FortiGate on many models. On the main dashboard on the GUI, click on " Revisions" on the " System Configuration" line in the " System Information" widget. You can do a highlighted diff of historical versions of your configuration, and restore it.
What would be a great tools wizzard for building vpn between fortigate and some other devices or another fortigate. Juniper has start their own and I' m really surprised that wiith all of the VPN problems person encountered, that fortinet has made a simple vpnwizzard builder as a onboard wizzard or a website tool.
There is a simple VPN wizard available in FortiOS 5.0 and 4.3. Several types of tunnels can be created, including iOS. In the next release, this feature will be significantly better. Are there any particular VPN configurations that you' d like to see supported in a wizard?
Baptiste

AntiSpam : add " deny" action so (legitimate) sender can tell us they are blocked as there is no quarantaine option. IMO antispam feature is almost empty when I compare to my former Watchguard FW... And I won' t purchase a Fortimail Appliance, it' s not so hard to add some AS options to this UTM.

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E