Why limit to Authentication-based routing,can' t fortinet have Address-based and Device Identity routing on the policy tab itself rahter than putting it on the policy route tab would be very nice to have when your using/have multiple gateways
per-ip-usage was removed because they are " bad" . It did not differentiate LAN / DMZ traffic of internet traffic...
The new " Top Source" you can filter source + destination interface and show in realtime the top users
I' d like to be able to set a Fortiguard webfilter category (Or custom category) as a destination address in firewall policies.
I have a number of sites where users who are part of specific security groups are granted elevated access to these sites/categories.
Currently need to maintain a bunch of address objects/groups to apply to firewall rules to separate specific traffic out from everything else.
Would also like to see a feature similar to that on my existing firewall solution.
Bandwidth preload - The amount of data that is preloaded before the badwidth limit takes effect. Eg. A connection will have full speed up until this amount.
An example, if it' s set to 512K. The fisrt 512K of any session using this shaper is delivered at wire speed, and data beyond this limit is shaped/throttled. The result being that most web pages load quickly, but any large data is shaped so as not to congest links.
I have had a lot of issues on disk logging on the smaller units like the 60' s so I would use at your own discretion. Don' t know if the 60D would now have better capabilities for it, but I know the 60C have issues with it (flash).
For what' s it' s worth, I would only temporary enable disk logging on those little guys if I really needed to troubleshoot something.
From personal experience the flash-based " hard drives" in those small-to-mid-side units are acceptable to various failures -- of the 80CM and 200Bs we have deployed (over 50 units) in the last 4-6 years we had to RMA (guessing) 10-15 units (mostly 200Bs) due to " bad" flash.
Personally, Fortient disabling disk logging on those smaller units was the " right thing" to do. But if you want to " re-enable" disk logging, you have to make sure the firmware supports a " hard drive" . On later firmwares, Fortinet removed " hard drive" functionally from some models. You can check from the CLI by typing:
get hardware status
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.