Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Features that you would like to see
Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
80288
115 REPLIES 115
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
instead of using | grep -2000 <search term>command | grep -f <search term>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great, thank you! That helps if I know the value that I' m looking for.
How about the command that I could use in ' diagnose' to troubleshoot some issue?
# tree diagnose | grep -f bgp
node ' |' is not found in cmdb
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not quite what you' re looking for but:
http://wiki.diagnose.fortinet.com:1080/index.php/Overview
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am working with the Webbased Manager for a few weeks now.
What I *realy* would like to see is a consistent user interface.
Example:
In " Firewall Objects / Address / Addresses" you can Search and you can Filter
In " Firewall Objects / Virtual IPs / Virtual IPs" you can neither Search nor Filter
And in both views you can' t sort, something you can do in " Router / Static / Static Routes" (where incidentaly you cant Search)
And I would love to see my (column) settings save on a user base on the device and not by web browser.
ABB@ProBiblio Fortigate 200D (slave master)
ABB@ProBiblio Fortigate 200D (slave master)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As others have mentioned, I would like PBR integrated into individual policies.
Also, I would like the ability to combine NAT IP pools in policies while also using multiple WAN interfaces grouped into zones with common policies. (I think this has also been mentioned on page 1 of this thread.)
Third, I would like a layer 2 VPN (e.g. L2TPv3) so that subnet_A in Site_A is bridged over a VPN to Site_B. I understand this may not be the right answer in every situation and there' s gotchas like MTU challenges. However, I' ve been forced to use a pair of Cisco routers for this functionality and it would have been preferable to use a pair of Fortigates exclusively.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' d like a firewall policy diagnostic tool. One that detects unused objects, redundant rules (i.e. earlier rule in the stack that permits the same thing), poor choices (any any?), and the like.
Cisco has had sanity checking tools for this for a long time. They' re not perfect, but they' re extremely helpful when their output is taken with a grain of salt.
In real life, it' s not unusual for an infosec person to find themselves " inheriting" a firewall managed by someone else, some other group, or some company that was acquired. With 60 VLANs and 800+ rules. That have a lot of suckage.
Fortinet is offering tools to parse and migrate from Cisco and Juniper that do some of this. How about a tool specific to Fortigate firewalls that audit their rule sets and highlight masked rules and best-practices deviations?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' d like a firewall policy diagnostic tool. One that detects unused objects, redundant rules (i.e. earlier rule in the stack that permits the same thing), poor choices (any any?), and the like.FortiOS already supports some of this today:- * You can see unused objects (addresses, groups, etc) by filtering on the reference counters throughout the GUI * Unused policies can be tracked by enabling the optional " Last Used" column. This will give you an indication of when the last time the policy was hit (if at all). I' d be interested in feedback as to how these features can be improved further.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Agreed... and this describe how I painfully, manually go through FW configs to try to clean them up.
It' s not a big problem when you' re talking about a few firewalls with a few dozen normal rules on them. It becomes an issue when you have dozens of firewalls with craploads of VLANs and hundreds of rules on each.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' d really like to be able to adjust the cookie name for persistence. Lync / Exchange setups require a specific custom cookie name of like MS-WSMAN or something similar.
The current Fortigate product seems to let you setup cookies and cookie types, but without being able to adjust the cookie name really doesn' t help much for Microsoft products.
It really caught me by surprise on a recent project.
http://blogs.technet.com/b/nexthop/archive/2011/11/03/hardware-load-balancer-requirements-for-lync-server-2010.aspx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to have a " time budget" feature to be able to sell time vouchers in hotels for example. And the ability to assign a Dialup VPN configuration to a FQDN like Cisco ASA does it really well.