Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG1kc
New Contributor

Features that you would like to see

Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
114 REPLIES 114
Warren_Olson_FTNT

jorge, Could you list some specifics you' d like to see with DLP?
MikePruett

I would like to have an " application" field underneath the service field when creating a policy. Instead of making a application sensor that allows or denies we should be able to do it within the policy (making policies significantly more granular and easy to roll out). Palo Alto' s do that and it is incredible how much easier it is to kill traffic here allow it there all based on application without having to create 9 different sensors and THEN apply said sensors to the policies you made.
rickards

A function so when adding a firewall policy another policy with the opposite interfaces and addresses can be created. This could be useful to save time when configuring interface based vpn. So if i create a policy going from internal to vpn tunnel interface it could be a checkbox for this option.
Jordan_Thompson_FTNT

This could be useful to save time when configuring interface based vpn.
In FortiOS 5.2, the VPN wizard on the GUI will automatically create policies for you in both directions, in addition to all required routes & addresses.
ede_pfau
Esteemed Contributor III

Yes, like an entry on the context menu when right-clicking an existing policy, to ' clone reverse' . It would just need to swap interfaces and addresses, and somehow handle NAT if set.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
journeyman

" edit next" or " edit new" for integer based entries in the cli. So if you want to enter a new firewall policy or static route (or ospf network or ... ) from the cli you don' t have to determine what already exists.
Adrian_Lewis

edit 0
Jordan_Thompson_FTNT

" edit next" or " edit new" for integer based entries in the cli.
Correct, " edit 0" will give you the next available entry ID automatically.
journeyman

Nice to know, thanks. I tried edit 0 and was interested (amused) to see " new entry ' 0' added" . But I presumed wysiwyg so I aborted rather than ended, hence didn' t see then final result. Thanks again.
ede_pfau
Esteemed Contributor III

thus the feature request from my side: replace ' entry ' 0' added' with the actual entry # used, like ' entry 25 added' . CLI only of course, the GUI is doing it already.

Ede

"Kernel panic: Aiee, killing interrupt handler!"