Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
RE: Features that you would like to see (in reply to emnoc) quote: I agree on diff, the lack of a configuration diff on appliance is really bad. Fortinet approach has been to use the fortimanager, but that' s not a easy to sale devicve. I guess for now you have to dump the config and do it old fashion way This can be done directly from the FortiGate on many models. On the main dashboard on the GUI, click on " Revisions" on the " System Configuration" line in the " System Information" widget. You can do a highlighted diff of historical versions of your configuration, and restore it. quote: What would be a great tools wizzard for building vpn between fortigate and some other devices or another fortigate. Juniper has start their own and I' m really surprised that wiith all of the VPN problems person encountered, that fortinet has made a simple vpnwizzard builder as a onboard wizzard or a website tool. There is a simple VPN wizard available in FortiOS 5.0 and 4.3. Several types of tunnels can be created, including iOS. In the next release, this feature will be significantly better. Are there any particular VPN configurations that you' d like to see supported in a wizard? ÂWFIW: The system revison tool, is not very usefull nor automated by any means. On the VPN wizard, a wizard should be allowed for crafting all types of VPNs and not just remote-access. Fortinet could also build a tool for lan2lan vpns to include fortigate2fortigate and fortigate2" <non-fortigate+common firewalls >" I' m really surprised, that nobody has came close to doing this outside of Juniper e.g https://i2j.juniper.net/greenfield/jsp/index.jsp https://www.juniper.net/customers/support/configtools/vpnconfig.html IMHO, 90% of the fortigate VPN configuraton problems could vanish, if a simple vpn automation tool was to be crafted. Even cisco vpn wizard is slightly better than fortinet imho to some degree , and they had it out much longer than fortigate but it too lack vpn confgurations to a non-cisco-device. I really think somebody should build something that works off this guy example, but make it device selectable. e.g http://sheeponline.net/onlinetools/asa-l2l-vpn VPNs are not that hard to build, but most fwadmin dont do enough of them and lack WTF. Nor do they know every other firewall type out in the market and that other remote fwadmin is probably in the same boat ( doesn' t do enough of them on a regular basis, nor does he/she WTF,etc.....) So a tool that covers fortigate to ciscoASA, ciscoIOSrouter,checkpoint,juniper,etc..... would be very beneficial.
PCNSE
NSE
StrongSwan
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
ORIGINAL: billp Port knocking to allow dynamic whitelisting of IP' s that need access to SSH or other outside ports on the firewall.+1 for this...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.