Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG1kc
New Contributor II

Features that you would like to see

Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
115 REPLIES 115
billp
Contributor

+1 for byte-based quotas +1 for point " d" . Not having that is big liability when doing SSL deep scanning.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Zeihold_von_SSL
New Contributor

I would like to see that the local (on fortigate) dhcp server is able to update the local (on fortigate) dns database! The reason why I want this is really simple. I don' t have any (external) DHCP or DNS server in my lab. But I' am sick of typing ip-addresses while testing some features. There should be no performance impact or secruity risk. All features are there. Fortinet just has to combine them. ;)

Regards Rene ---

[size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size]

Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B

Regards Rene --- [size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size] Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
bobm
New Contributor III

What I' d really like to see, and saw someone else post in another thread, is a streamlined SMB FW track. I' m using a single 60C for a couple dozen users with fairly simple requirements. Seems that 5.0 has pretty much universally hosed most of us with the small desktop boxes. Lots of functionality that doesn' t apply to us is killing our performance. And I have to keep reconfiguring stuff I' ve had running for two years to fit the new firmware parameters. FG is capable of some great stuff, just not in my environment, so I' d kind of like to keep it simple for us simple little users.
emnoc
Esteemed Contributor III

OSPFv3 authentication The ease of region ip-ban ( BLK list ) by countries geoip 2letter ISO 3166code. Heck pfsense has the covered with ease

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
hemantraturi
New Contributor

Route based failover (eg IPSLA in cisco)
-------------- FCNSA FCNSP
-------------- FCNSA FCNSP
SMabille
Contributor

RFC5072 - IPv6CP - IPv6 over PPP New to Fortigate (200D - 5.0.4) and one serious limitation is the lack of support for IPv6 over PPP. Need it for my backup connection (WAN2) which is PPP over ADSL.
Jay_Libove
Contributor

I would like to have a comments or notes field for pretty much every object type. For example, DNS entries do not offer comments or notes fields at all. Being able to make comments/notes (including fairly long texts, over 256 bytes, at least 1024 bytes) can make future administration much easier, by including information right next to each object about why the object exists/existed. thank,
ppowell

+1 on this. Comment, comment, comment. Running a system with a coupe of hundred entries and without self documentation it can be a real bear to makes changes months after the fact without thorough comments.
TMX1
New Contributor

I would like to see less " Features" and more of fixing the existing bugs! OH and stop changing/renaming stuff around for no reason.
SteveRoadWarrior
New Contributor III

I' m really enjoying the FortiDDNS service. It is making my life a lot easier. I do have a request though. Could the DDNS name be determined from the actual external address (like STUN) instead of what the Fortigate thinks it is? For example: an IPSEC VPN or a remote access rule can be limited to a source DNS name. However, if the Internet service is doing NAT and hands out a private IP, then the DDNS name is invalid (points to 192.168.1.11, etc). If the DDNS service could return the connecting IP to the Fortigate, and the Fortigate would use that IP as its registration instead of the actual WAN IP, it would save a lot of money. An internet provider (Verizon) likes to make their 3G cards show up as 10.x.x.x numbers unless you pay blood money for static IP' s. Having the DDNS service use the connecting IP as the registration name would solve several long-standing issues. Thanks!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors