With v5.6 I can now create policy rules that allow access for users based upon 'Internet Service Database' objects. Currently, I get notified from Microsoft about changes to the IP addresses they use for Office 365 etc.
Question: How up to date are the ISD objects and do they keep up to date with IP changes from Microsoft? This also applies to other providers such as Apple, Adobe etc.
Thanks for your help, however I have a concern about the use of isdb in 5.6.3, I only see that it is possible to use it in static routes BUT if I have a static route created towards a ip xxxx with gateway yyyy that belongs to microsoft ( distance 10 priority 0) and create a static route with isb that includes microsoft (in the list is xxxx) and zzzz gateway by which route would it go? and how the election would be made if both would be static.
This is because I have not managed to find much information and I have understood that the routing process (without dynamic protocols) would be something like
static route defined
static route by default
after some trouble shooting and debugging i found out the ISDB routes act like policy routes, so while you configure them as static route they don't show up anywhere expect in the policy routing monitor (FortiOS 5.6+). this also means they have the same priority over regular routes as "normal" policy routes have.
might have been smarter if Fortinet would have added them as an option to the policy routes, then it would be clearer to understand how they work. now it suggests like they act like static routers which they clearly don't on several levels.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.