"diag debug flow" in GUI :)

A diagnose debug just for ssl certificate inspection. To see everything the certificate inspection profile does when ssl traffic goes trough it. I face a lot of issues related to ssl inspection in my job

Wireguard VPN. The tech is awesome, but the management of it... that's where it falls short. The fortinet gui is adequate, and it could be a killer feature.

A tool like packet tracer in ASA to quickly see what should happen to a packet based on all the rules set.

I am a security engineer that supports/deploys mostly Fortinet firewalls and FortiSwitches. For me the following functionality would be nice. 1. A traffic generator that can run from different source interfaces/networks. I always get questions about how fast is this line including the preceding devices, but can not test this without having a computer on location. 2. A way to execute http/s requests. For example curl for linux. This wil make it easy to get the global Ip-adress, or test some website output. There is some functionality with telnet, but not enough some times. 3. Diagnose debug flow in the gui. This is the command I use the most in troubleshooting. It is so simple but is the best tool for troubleshooting issues. 4. Openvpn client integration. This is more a personal preference, but I had to build a pfsense firewall next to my fortigate, because I needed this functionality. With openvpn I can act as if my network is in another country and I only have to pay a few euro's a year to make this possible. I understand this stands a bit in the way of the sslvpn from Fortinet so I understand that this would only work in the cli. And the following is more of a improvement needed in FortiSwitches de instead of functionality. I have a customer who want to deploy remotely firewalls and switches. This customer attaches fortigates, switches and fortiaps directly to their network to let me configure it for them. Fortiswitch deployments gives me issues most of the time. 1. Sometimes the fortiswitch doesn't get an Ip-adres and I have to console to in to enable fortilink. (annoying my customer) 2. Some new fortiswitches can't be handled by the fortigate because they have to old firmware. I need to build a temporary portforward to access and update it.... 3. I need to check if ntp is working properly because if the time between the switch and FortiGate has to much difference I get no link sometimes. 4. Some strange POE problem the fortios 6.2.3 has. POE randomely stops and upgrading to 6.4 seems to be the fix. Not fun when you have 400 locations with fortiswitches and a angry customer that their phones aren't working. 5. A way to upgrade al the FortiSwitches at the same time in the fortimanager. It is no fun to upgrade 700 FortiSwitches 1 by 1...... Why don't you make this the same as FortiAP's? 6. When I edit a dynamic object in de Fortiswitch section all the Fortigates get in a modified state. This is no fun because I cannot just do a install on every Fortigate. So I have to check a few hundred install logs every time. This is annoying because I only at configuration for 1 new unit.

[1] Generally more settings in the GUI. If it gets cluttered then just hide them in an "advanced" section FortiManager style. For starters, I often have to have specify SYSLOG/SNMP/FMG/FAZ/RADIUS source addresses in the CLI. [2] Packet-tracer tool so we can easily see which DNAT/route/policy-route/fw-policy/nat-policy/etc a packet would take. [3] Maybe a new "Diagnostic" tab in GUI containing GUI-based diagnostic & troubleshooting tools such as ping/traceroute/packet capture/packet-tracer/traffic-generator/speed-test/"diag debug flow"/etc. [4] IPv6 VRF support. We have IPv4 VRFs, but no IPv6. [5] The ability to schedule a one-off reboot. [6] LLDP neighbor display in GUI

I'd love to see a more natural integration with Azure AD and Intune and MDM, that's going to be a whole new level if they implement Wifi Auth against AAD with MFA without having the need to get a radius server.

I'd like the ability to use third party TOTP apps like Authy or Google Authenticator instead of the FortiToken Mobile app.

In the Firewall Policy, having "reputation-minimum : 0-5" and "direction" as a gui item would be nice, helps juniors when diagnosing an issue can forget its enabled.

FortiMonitor - network orchestration automation integration with FortiGate... I hear it's tentatively earmarked for 7.2 FortiOS but DEAR GOD, to have SaltStack or Ansible like network device control of cisco switches or routers, to backup and or apply different configuration changes to automatically respond to discovered conditions/events would be game changing. No other firewall provider could come close!

Would be nice to implement the Phase 2 Remote Proxy Id into a dynamic routing protocol like in a Dial Up VPN.

A commit review/approval (junior netadmin can perform change on the FW, but senior has to review and push the change) :)

Ability to use own USB Disks for LOGS !!^^ cuz FortiCloud sucks so much xd

Fortinet needs a report for wan throughput speeds. That tiny widget in the UI is booboo, and fortianalyzer doesnt have a speed report. Only an amount of data report. Thanks Mike

A traffic manipulator, similar to the "Network Emulator" in GNS3, would be handy to add artificial packet loss + latency etc to traffic to test SDWAN configurations etc.

Google, cloudflare, and generic dyndns support. Ability for policy mode to pass/ignore on non-standard ports on an accept rule instead of blocking them, like PA. Reject option on policies built into GUI.

Just making more stuff into a GUI will be helpful

I would really like to get Device Type policies from 6.0 back.

Rules/Policy history... (ie: when/who create the rule, who/what change on that specific date.....)

I'd like to see support for Wireguard VPNs.

quota system EX give 1G byte daily for an user or give it limit speed for an an user

Auto renew lets encrypt certificate

Better FortiAnalyzer GUI. I think FortiAnalyzer a lot of data, but it is not very useful because the GUI is difficult to use and not intuitive.

No new features that break things in 0.0.x releases

Stop releasing new features in non x.x.0 releases.

Remove that feature that tell you that you can upgrade to 7.0