Security Fabric Audit - Time Window? Configurable?
I've been running the Security Fabric Audit on our 5.6.x system. It's had some helpful comments, but I have also seen some weirdness and have some questions. Wondered if others have seen similar issues or have any answers.
We've got two locations connected by IPsec, with Security Fabric over IPsec. Main location has 5.6.5 FortiGate, 5.6.5 FortiAnalyzer, 5.3.1 FortiAuthenticator, 3.6.7 FortiSwitches, 5.6.4 FortiAPs. Branch location has FortiGate, FortiSwitch, and FortiAP.
- Sometimes the audit will warn me that the FortiLink interface to the FortiSwitch at our branch location has no role (wan, lan, etc.) set. Sometimes it won't. It never warns me about the FortiLink interface at our main location, which also has role undefined.
- The audit continues to warn me that servers that were removed from our branch location a week ago aren't behind a DMZ. Anybody know the time window it uses? On a stability note, it warns me about the servers maybe 3 times out of 4.
- The audit warns me that I'm not using FortiClient on endpoints. Any way to switch that off if we're not using FortiClients?
- The audit warns that I'm not at the current versions for some devices because I haven't moved from the (latest) 5.6.x to the (unstable) 6.0.x. Any way to switch that off?