Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG1kc
New Contributor

Features that you would like to see

Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
115 REPLIES 115
Marco
New Contributor III

VPN Portal with HTML5 Client for RDP (and maybe other) Connections.
FlashOver

The possibility to hide the menu to have more Space for policy collums.
Jordan_Thompson_FTNT

The possibility to hide the menu to have more Space for policy collums.
If you are referring to the navigation bar on the left hand side of the GUI, you can already drag that to the left to increase the size of the right-hand pane.
obrienw

1) Security Profile Groups: The ability to combine one-each of AV/Web Filter/App. Control/IPS/etc. profiles into a Security Profile Group which can then be applied by a single drop-down choice when creating firewall policies. 2) Improved support / pre-configured options for MS Update, Office 365 (Exchange/Lync online), and Intune. Those are services I always want my users to be able to access whether or not they' re authenticated, or even logged in to their computers. The only way I' ve found around this is to create a massive list of subnet/FQDN Addresses (200+ at this point) that I can use as a Destination Address list in a policy prior to the actual web/user authenticated policy. There could even be some sort of an MS Subscription to keep the subnets up to date. 3) Related to number 2: The ability to create wildcarded domain names as Addresses, not just web filters. (For instance, MS says that you need to open up *.infra.lync.com, not just infra.lync.com.)
Jordan_Thompson_FTNT

1) Security Profile Groups: The ability to combine one-each of AV/Web Filter/App. Control/IPS/etc. profiles into a Security Profile Group which can then be applied by a single drop-down choice when creating firewall policies.
This is already supported in the CLI:- config firewall profile-group .. Configured profile groups will appear on the GUI.
obrienw

Could you clarify that? (OS 5.0.7) I went in and set up two different profile-groups with the CLI, but only for the features I have active (AV, Web Filter, App. Control, IPS. I' ve deactivated the DLP, Email, and Endpoint.) I still don' t see anything like that on that GUI, even after a reboot to make sure. Either way, thanks a bunch for pointing it out.
Jordan_Thompson_FTNT

To clarify:- * In 5.0, profile groups will appear on the GUI only if chosen for a specific policy in the CLI * In 5.2, profile groups will be completely configurable on the GUI if you enable " gui-dynamic-profile" under " config system global" .
obrienw

Got it. In 5.0.7 you also have to go in to each policy (via the CLI):
 config firewall policy
 edit #
 
and then set the profile type:
 set profile-type group
 end
 
At that point the UI will then show a dropdown on that policy for your configured profile groups.
Dave_Hall
Honored Contributor

Something either on the GUI or system log that can easily denote possible duplex/speed mismatch (or flapping) on any of the interface ports -- maybe even turning the Green Up arrow to yellow or orange on the GUI network interface page or provide more network connection info on the port.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
bobm
New Contributor III

You know, I' d be happy just to have a stable release. Between ipsengine crashes, pyfcgid crashes, and now httpsd crashes, my memory usage has been so high that I haven' t been able to enable AV or IPS for over a year. Kind of limits the usefulness of a security appliance in my mind. And the response from FG? Wait for the next bug fix release (again). What' s going to break next?
Labels
Top Kudoed Authors