Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
I would like to be able to change IP end-points in GRE tunnels without destroying the tunnel and recreating it. Currently, attempting to change the local or remote IP results in this message (tested on v5.0.7):
unexpected to change gateway address!
attribute set operator error, -61, discard the setting
To reduce the pain, I always put the GRE tunnel inside a zone, thus eliminating the need to delete and recreate policies. Only the tunnel itself needs to be dropped and re-added to the zone. Still, I' d rather just update the single IP that has changed and be done.
I believe, the NSA is trained to crack AES, DES, SSL and other common cryptographic protocols day by day
Why do you believe that a cipher that' s military grade can be cracked by NSA? If they can crack any thing, it' s bad security practice and poor implementation
using AES1128-256 but with a weak or common key.
As far offering up another encryption cipher what? blowfish? And what advantage is that going to offer ?
And nobody who' s serious about encryption , would use DES :)
Would like the ability to set rate limit (traffic shaping) with different upstream and downstream values per IP. This works better with Internet services which do not have the same amount of upload and download bandwidth.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.