Created on 05-28-2013 08:58 PM
ABB@ProBiblio Fortigate 200D (slave master)
I'd like a firewall policy diagnostic tool. One that detects unused objects, redundant rules (i.e. earlier rule in the stack that permits the same thing), poor choices (any any?), and the like.

FortiOS already supports some of this today:

* You can see unused objects (addresses, groups, etc) by filtering on the reference counters throughout the GUI
* Unused policies can be tracked by enabling the optional "Last Used" column. This will give you an indication of when the last time the policy was hit (if at all).

I'd be interested in feedback as to how these features can be improved further.
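The redundant-rule and any-any checks asked for above can be sketched offline. This is an added example, not part of the original posts and not FortiOS code; the `Rule` model, the `audit` function and the sample policy are assumptions constructed for illustration, with rules evaluated top-down on first match.

```python
# Added example: generic rule model, not FortiOS syntax. All rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    id: int
    src: str          # CIDR; "0.0.0.0/0" means any
    dst: str
    ports: range      # destination port range; range(0, 65536) means any
    action: str       # "accept" or "deny"

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORTS = range(0, 65536)

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by b is also matched by a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports.start <= b.ports.start
            and b.ports.stop <= a.ports.stop)

def audit(rules):
    """Walk rules in first-match order and return (rule id, finding) pairs."""
    findings = []
    for i, r in enumerate(rules):
        if (r.action == "accept" and ip_network(r.src) == ANY_NET
                and ip_network(r.dst) == ANY_NET and r.ports == ANY_PORTS):
            findings.append((r.id, "any-any accept"))
        for earlier in rules[:i]:
            if covers(earlier, r):
                # Same action: the later rule adds nothing. Different action: it never fires.
                kind = "redundant" if earlier.action == r.action else "shadowed"
                findings.append((r.id, f"{kind} by rule {earlier.id}"))
                break
    return findings

# Constructed policy, evaluated top-down.
POLICY = [
    Rule(1, "10.0.0.0/8", "192.0.2.0/24", range(443, 444), "accept"),
    Rule(2, "10.1.0.0/16", "192.0.2.10/32", range(443, 444), "accept"),
    Rule(3, "10.2.0.0/16", "192.0.2.0/24", range(443, 444), "deny"),
    Rule(4, "0.0.0.0/0", "0.0.0.0/0", ANY_PORTS, "accept"),
]

if __name__ == "__main__":
    for rule_id, finding in audit(POLICY):
        print(rule_id, finding)
```

A rule that is only partially overlapped by an earlier one is not reported; the check covers full containment only.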
Created on 12-19-2013 08:01 AM
Created on 01-10-2014 06:19 AM