Features that you would like to see

Author
FG1kc
New Member
2013/05/28 20:58:28 (permalink)
0

Features that you would like to see

Why limit to Authentication-based routing? Can't Fortinet have Address-based and Device Identity routing on the policy tab itself rather than putting it on the policy route tab? It would be very nice to have when you're using/have multiple gateways.
#1
TheJaeene
Silver Member
RE: Features that you would like to see 2013/06/04 01:06:01 (permalink)
0
Virtual Routers would be nice too... the C.E.O. should know this Feature
Assigning a "Next Hop" Router via FW-Policy (like WGuard does) would save a lot of PBR Entries...
#2
Phill Proud
Bronze Member
RE: Features that you would like to see 2013/06/04 22:20:15 (permalink)
0
Byte-based quotas for users, applied to firewall policies.
#3
Adrian Lewis
Gold Member
RE: Features that you would like to see 2013/06/05 08:14:44 (permalink)
0
Decouple both the server load balancing health checks and the dead gateway detection tests into their own 'section' so that they could be used to control not only gateway detection or server pools but also individual routes, firewall policies, or a number of other functions within FortiOS that could be turned on or off depending on the results of one or more checks. Adding things like latency as a metric for the tests could also enable things like performance-based routing.
#4
FortiRack_Eric
Platinum Member
RE: Features that you would like to see 2013/06/10 03:12:33 (permalink)
0
I would like to be able to NAT with a different IP address (ip-pool) depending on the chosen outbound interface.

So you can use IP-pool with 2 internet connections.


Rackmount your Fortinet --> http://www.rackmount.it/fortirack
 
#5
RH
Silver Member
RE: Features that you would like to see 2013/09/05 09:24:42 (permalink)
0
ban ip from DOS Policy

We get many alerts for ICMP sweeps etc., and they are blocked from the DOS Policy, but I can't ban an IP that keeps triggering the rule!
#6
Omar Hermannsson
New Member
RE: Features that you would like to see 2013/09/05 09:35:18 (permalink)
0

ORIGINAL: RH

ban ip from DOS Policy

We get many alerts for ICMP sweeps etc., and they are blocked from the DOS Policy, but I can't ban an IP that keeps triggering the rule!


You can do this from CLI. See set quarantine here:
http://docs.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%25205.0%2520CLI/config_firewall.10.10.html
#7
Uwe Sommerfeld
Silver Member
RE: Features that you would like to see 2013/09/06 05:12:04 (permalink)
0
a) Support for 6rd sit-tunnels with DHCP wan IPv4 addresses
b) DNS autoupdates of DNS database zones (for client DNS updates - IPv6 without names is no fun).
c) serial port on 60D ;)
d) Implementation of a "good" and "bad" CA certificate for UTM SSL filtering (usage: sign with "good" certificate if external page cert is valid, sign with "bad" certificate when external page cert is invalid).
#8
billp
Expert Member
RE: Features that you would like to see 2013/09/06 08:45:49 (permalink)
0

+1 for byte-based quotas

+1 for point "d".
Not having that is a big liability when doing SSL deep scanning.

Bill

==========
Fortigate 600C 5.0.12, 111C 5.0.2
Logstash 1.4.1
#9
Zeihold_von_SSL
Silver Member
RE: Features that you would like to see 2013/09/08 00:35:13 (permalink)
0
I would like to see that the local (on FortiGate) DHCP server is able to update the local (on FortiGate) DNS database! The reason why I want this is really simple. I don't have any (external) DHCP or DNS server in my lab. But I'm sick of typing IP addresses while testing some features.

There should be no performance impact or security risk. All features are there. Fortinet just has to combine them. ;)

Regards
Rene
---
FCNSA.v5, FCNSP.v5, FCESP
Home: FWF60D FortiAP 220B
Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
#10
Antonio Milanese
Bronze Member
RE: Features that you would like to see 2013/09/19 04:40:42 (permalink)
0
Hi All,

+1 for PBR within firewall policy

I would like to be able to see more route-state-aware PBR to track availability (DGD) of next hop gw... or even better IP SLA echo and track rtr as in Cisco gear... this should be great for PDR against redundant IPsec tunnels!

Best regards,

Antonio
#11
bobm
Silver Member
RE: Features that you would like to see 2013/09/23 05:59:03 (permalink)
0
What I'd really like to see, and saw someone else post in another thread, is a streamlined SMB FW track.

I'm using a single 60C for a couple dozen users with fairly simple requirements. Seems that 5.0 has pretty much universally hosed most of us with the small desktop boxes. Lots of functionality that doesn't apply to us is killing our performance. And I have to keep reconfiguring stuff I've had running for two years to fit the new firmware parameters. FG is capable of some great stuff, just not in my environment, so I'd kind of like to keep it simple for us simple little users.
#12
emnoc
Expert Member
RE: Features that you would like to see 2013/09/25 06:19:07 (permalink)
0

OSPFv3 authentication


The ease of region IP ban (BLK list) by country GeoIP 2-letter ISO 3166 code. Heck, pfSense has that covered with ease.

PCNSE, NSE, Forcepoint, StrongSwan Specialist
#13
hemantraturi
New Member
RE: Features that you would like to see 2013/10/03 21:56:02 (permalink)
0
Route based failover (eg IPSLA in cisco)

--------------
FCNSA
FCNSP
#14
SMabille
Silver Member
RE: Features that you would like to see 2013/10/04 16:42:00 (permalink)
0
RFC5072 - IPv6CP - IPv6 over PPP

New to Fortigate (200D - 5.0.4) and one serious limitation is the lack of support for IPv6 over PPP.
Need it for my backup connection (WAN2) which is PPP over ADSL.
#15
Jay Libove
Silver Member
Comment/Notes field for all data objects 2013/10/22 05:50:42 (permalink)
0
I would like to have a comments or notes field for pretty much every object type.
For example, DNS entries do not offer comments or notes fields at all.
Being able to make comments/notes (including fairly long texts, over 256 bytes, at least 1024 bytes) can make future administration much easier, by including information right next to each object about why the object exists/existed.
Thanks,
#16
ppowell
New Member
RE: Comment/Notes field for all data objects 2013/11/05 11:57:58 (permalink)
0
+1 on this. Comment, comment, comment. Running a system with a couple of hundred entries and without self-documentation, it can be a real bear to make changes months after the fact without thorough comments.
#17
TMX1
Silver Member
RE: Features that you would like to see 2013/11/14 18:07:36 (permalink)
5 (2)
I would like to see less "Features" and more of fixing the existing bugs!

OH and stop changing/renaming stuff around for no reason.
< Message edited by tmx1 -- 11/14/2013 6:46:38 PM >
#18
SteveRoadWarrior
Silver Member
  • Total Posts : 104
  • Scores: 4
  • Reward points: 0
  • Joined: 2011/06/28 09:03:07
  • Location: east coast USA
  • Status: offline
RE: Features that you would like to see 2013/12/04 09:13:16 (permalink)
0
I'm really enjoying the FortiDDNS service. It is making my life a lot easier.

I do have a request though. Could the DDNS name be determined from the actual external address (like STUN) instead of what the Fortigate thinks it is?

For example: an IPsec VPN or a remote access rule can be limited to a source DNS name. However, if the Internet service is doing NAT and hands out a private IP, then the DDNS name is invalid (points to 192.168.1.11, etc.). If the DDNS service could return the connecting IP to the Fortigate, and the Fortigate would use that IP as its registration instead of the actual WAN IP, it would save a lot of money. An internet provider (Verizon) likes to make their 3G cards show up as 10.x.x.x numbers unless you pay blood money for static IPs. Having the DDNS service use the connecting IP as the registration name would solve several long-standing issues.

Thanks!

#19
Carl527
New Member
RE: Features that you would like to see 2013/12/13 11:59:16 (permalink)
0
The ability to have multiple ports that answer SSL for a given IP address. Some clients are still using port 10443 but the new default is 443. Choice to either change existing install base or remind new users to enter a custom port.
#20