Features that you would like to see
Why limit to Authentication-based routing? Can't Fortinet have Address-based and Device Identity routing on the policy tab itself rather than putting it on the policy route tab? It would be very nice to have when you're using/have multiple gateways.
115 REPLIES
The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port.
> The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port
Not needed: You can create a port-forwarding VIP for that: Public IP, 443 -> 10443. This goes into a WAN to WAN policy.
> The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port.
You can use a VIP to accomplish this... EDIT: Whoops, this has already been answered. Move along, nothing to see...
moo?
Using local-in policy in FOS 5.x, you should be able to redirect the destination port via VIP. Would be worth a try.
Ede Kernel panic: Aiee, killing interrupt handler!
The current ssh proxy - from what documentation provides, a sort of rfc6187 (?), is not suitable for most sftp implementations (and clients).
So a VIP of server-type: SSH/SFTP would be very valuable.
- upload a public and private ssh key to the FGT for each VIP
- authenticate firewall users by pub key, password or both
- authenticate ldap users by ldap stored ssh pub key, password or both
- act as a trusted host to the backend server
- authenticate to the inside using VIP pub key, password or both
(a.k.a. RequiredAuthentications2 on RHEL, implemented by many current SFTP solutions as well)
- be able to scan/block what's passed through the FGT without requiring rfc6187 certs, servers or clients.
I have to agree with the comments about fewer bugs in software.
Fortinet needs to focus on testing before deploying software.
Memory issues always seem to be a problem and everything is going to be fixed in the next patch/release. This is just not good enough.
I would also like to see a consistent look and feel across the product range - FortiGate / FortiMail / FortiAnalyzer, they do not look the same - why? Are these all developed by different teams who don't speak to each other?
Support also needs to get better and be quicker.
Also stop adding new products that distract from the core.
I know this is not really FortiGate related.
Merry Christmas
Not so much a feature request, but I would like to see a simple migration/scripting/validation tool for converting config files from one model/firmware to another model/firmware. Just some suggestions on what this tool could perform...
- validate current config for a target model/firmware version
- suggest possible target fgt devices (and firmware)
- step by step upgrade/downgrade firmware path for both source/target fgt model/firmware
- links to patch notes for target firmware
- list possible "gotchas"/migration issues
- provide a simple port mapping/renaming scheme (auto renames source ports to target ports on target fgt)
- backup/restore certain sections (e.g. replacement messages, urlfilter, Fortiguard web profile, etc.)
- visual diff of before/after firmware upgrade (output similar to WinMerge)
From a programming aspect, the program/tool would mostly draw on an internal database/lookup table of fgt devices (features/ports/compatible models/firmwares, etc.). At minimum, this tool could simply be a parsing/lookup tool to aid in deciding a possible upgrade/firmware path for your current or updated fgt device.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
> - step by step upgrade/downgrade firmware path for both source/target fgt model/firmware
> - links to patch notes for target firmware
> - list possible "gotchas"/migration issues
Those three are pretty much covered in the software release note details. Fortinet seems to have done a good job telling us how to migrate between major releases. And how to downgrade between major versions. And the gotchas are typically listed in detail in these same notes.
I agree on diff; the lack of a configuration diff on the appliance is really bad. Fortinet's approach has been to use the FortiManager, but that's not an easy device to sell. I guess for now you have to dump the config and do it the old-fashioned way.
What would be great is a tool/wizard for building a VPN between a FortiGate and some other device or another FortiGate. Juniper has started their own, and I'm really surprised that with all of the VPN problems people encounter, that Fortinet has made a simple VPN wizard builder as an onboard wizard or a website tool.
PCNSE
NSE
StrongSwan
> I agree on diff; the lack of a configuration diff on the appliance is really bad. Fortinet's approach has been to use the FortiManager, but that's not an easy device to sell. I guess for now you have to dump the config and do it the old-fashioned way.
This can be done directly from the FortiGate on many models. On the main dashboard on the GUI, click on "Revisions" on the "System Configuration" line in the "System Information" widget. You can do a highlighted diff of historical versions of your configuration, and restore it.
> What would be great is a tool/wizard for building a VPN between a FortiGate and some other device or another FortiGate. Juniper has started their own, and I'm really surprised that with all of the VPN problems people encounter, that Fortinet has made a simple VPN wizard builder as an onboard wizard or a website tool.
There is a simple VPN wizard available in FortiOS 5.0 and 4.3. Several types of tunnels can be created, including iOS. In the next release, this feature will be significantly better. Are there any particular VPN configurations that you'd like to see supported in a wizard?
AntiSpam: add a "deny" action so a (legitimate) sender can tell us they are blocked, as there is no quarantine option.
IMO the antispam feature is almost empty when I compare it to my former Watchguard FW...
And I won't purchase a FortiMail appliance; it's not so hard to add some AS options to this UTM.
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E