Why limit to Authentication-based routing? Can't Fortinet have Address-based and Device Identity routing on the policy tab itself rather than putting it on the policy route tab? It would be very nice to have when you're using/have multiple gateways.
I would like to see that the local (on fortigate) dhcp server is able to update the local (on fortigate) dns database! The reason why I want this is really simple. I don't have any (external) DHCP or DNS server in my lab. But I am sick of typing ip-addresses while testing some features.
There should be no performance impact or security risk. All features are there. Fortinet just has to combine them. ;)
What I'd really like to see, and saw someone else post in another thread, is a streamlined SMB FW track.
I'm using a single 60C for a couple dozen users with fairly simple requirements. Seems that 5.0 has pretty much universally hosed most of us with the small desktop boxes. Lots of functionality that doesn't apply to us is killing our performance. And I have to keep reconfiguring stuff I've had running for two years to fit the new firmware parameters. FG is capable of some great stuff, just not in my environment, so I'd kind of like to keep it simple for us simple little users.
I would like to have a comments or notes field for pretty much every object type.
For example, DNS entries do not offer comments or notes fields at all.
Being able to make comments/notes (including fairly long texts, over 256 bytes, at least 1024 bytes) can make future administration much easier, by including information right next to each object about why the object exists/existed.
+1 on this. Comment, comment, comment. Running a system with a couple of hundred entries and without self documentation it can be a real bear to make changes months after the fact without thorough comments.
I'm really enjoying the FortiDDNS service. It is making my life a lot easier.
I do have a request though. Could the DDNS name be determined from the actual external address (like STUN) instead of what the Fortigate thinks it is?
For example: an IPSEC VPN or a remote access rule can be limited to a source DNS name. However, if the Internet service is doing NAT and hands out a private IP, then the DDNS name is invalid (points to 192.168.1.11, etc). If the DDNS service could return the connecting IP to the Fortigate, and the Fortigate would use that IP as its registration instead of the actual WAN IP, it would save a lot of money. An internet provider (Verizon) likes to make their 3G cards show up as 10.x.x.x numbers unless you pay blood money for static IP's. Having the DDNS service use the connecting IP as the registration name would solve several long-standing issues.