Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG1kc
New Contributor

Features that you would like to see

Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
114 REPLIES 114
dantasrotole

It would be really interesting if we could add an banned ip throught cli, so we could integrate fortigate with some siem or others security tools. regards!
ZeroInterrupt

I would like my dashboard widgets back, specifically the " per-ip-usage" . Nothing was simpler when diagnosing bandwidth hogs..
pcraponi
Contributor II

per-ip-usage was removed because they are " bad" . It did not differentiate LAN / DMZ traffic of internet traffic... The new " Top Source" you can filter source + destination interface and show in realtime the top users

Regards, Paulo Raponi

markwen
New Contributor

I' d like to be able to set a Fortiguard webfilter category (Or custom category) as a destination address in firewall policies. I have a number of sites where users who are part of specific security groups are granted elevated access to these sites/categories. Currently need to maintain a bunch of address objects/groups to apply to firewall rules to separate specific traffic out from everything else.
markwen
New Contributor

Would also like to see a feature similar to that on my existing firewall solution. Bandwidth preload - The amount of data that is preloaded before the badwidth limit takes effect. Eg. A connection will have full speed up until this amount. An example, if it' s set to 512K. The fisrt 512K of any session using this shaper is delivered at wire speed, and data beyond this limit is shaped/throttled. The result being that most web pages load quickly, but any large data is shaped so as not to congest links.
gtimperio
New Contributor

I would like to see disk logging return to smaller boxes. 60D' s in particular.
Warren_Olson_FTNT

Are you not able to turn disk logging on via cli at all? I know its disabled by default but have you tried: config log disk setting set status enable
dasilva13

I have had a lot of issues on disk logging on the smaller units like the 60' s so I would use at your own discretion. Don' t know if the 60D would now have better capabilities for it, but I know the 60C have issues with it (flash).
Warren_Olson_FTNT

Agree with dasilva on the caveats, if you have alot of writing going on ie lots of events it may cause the flash to fail and you can' t(easily) replace it.
Dave_Hall
Honored Contributor

For what' s it' s worth, I would only temporary enable disk logging on those little guys if I really needed to troubleshoot something. From personal experience the flash-based " hard drives" in those small-to-mid-side units are acceptable to various failures -- of the 80CM and 200Bs we have deployed (over 50 units) in the last 4-6 years we had to RMA (guessing) 10-15 units (mostly 200Bs) due to " bad" flash. Personally, Fortient disabling disk logging on those smaller units was the " right thing" to do. But if you want to " re-enable" disk logging, you have to make sure the firmware supports a " hard drive" . On later firmwares, Fortinet removed " hard drive" functionally from some models. You can check from the CLI by typing: get hardware status

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C