A diagnose debug just for SSL certificate inspection. To see everything the certificate inspection profile does when SSL traffic goes through it. I face a lot of issues related to SSL inspection in my job.
@haraldk6828 3 years ago
This. There should be better debug and logs for SSL errors in the GUI.
@tehrandom42 3 years ago
Wireguard VPN. The tech is awesome, but the management of it... that's where it falls short. The fortinet gui is adequate, and it could be a killer feature.
@hennning88 3 years ago
A tool like packet tracer in ASA to quickly see what should happen to a packet based on all the rules set.
@FortinetGuru 3 years ago
That would be a very welcome feature
@kavinpatel644 3 years ago
There is already an active NFR (New Feature Request) for this feature. Hopefully, this feature will be added in a future release.
@joey3354 3 years ago
I am a security engineer that supports/deploys mostly Fortinet firewalls and FortiSwitches. For me the following functionality would be nice.
1. A traffic generator that can run from different source interfaces/networks. I always get questions about how fast is this line including the preceding devices, but cannot test this without having a computer on location.
2. A way to execute http/s requests. For example curl for Linux. This will make it easy to get the global IP address, or test some website output. There is some functionality with telnet, but not enough sometimes.
3. Diagnose debug flow in the GUI. This is the command I use the most in troubleshooting. It is so simple but is the best tool for troubleshooting issues.
4. OpenVPN client integration. This is more a personal preference, but I had to build a pfSense firewall next to my FortiGate, because I needed this functionality. With OpenVPN I can act as if my network is in another country and I only have to pay a few euros a year to make this possible. I understand this stands a bit in the way of the SSL VPN from Fortinet so I understand that this would only work in the CLI.
And the following is more of an improvement needed in FortiSwitches instead of functionality. I have a customer who wants to remotely deploy firewalls and switches. This customer attaches FortiGates, switches and FortiAPs directly to their network to let me configure it for them. FortiSwitch deployments give me issues most of the time.
1. Sometimes the FortiSwitch doesn't get an IP address and I have to console in to enable FortiLink. (annoying my customer)
2. Some new FortiSwitches can't be handled by the FortiGate because they have too old firmware. I need to build a temporary port forward to access and update it....
3. I need to check if NTP is working properly because if the time between the switch and FortiGate has too much difference I get no link sometimes.
4. Some strange POE problem the FortiOS 6.2.3 has. POE randomly stops and upgrading to 6.4 seems to be the fix. Not fun when you have 400 locations with FortiSwitches and an angry customer that their phones aren't working.
5. A way to upgrade all the FortiSwitches at the same time in the FortiManager. It is no fun to upgrade 700 FortiSwitches 1 by 1...... Why don't you make this the same as FortiAPs?
6. When I edit a dynamic object in the FortiSwitch section all the FortiGates get in a modified state. This is no fun because I cannot just do an install on every FortiGate. So I have to check a few hundred install logs every time. This is annoying because I only add configuration for 1 new unit.
@FortinetGuru 3 years ago
Most of these would be wicked adds if Fortinet were to do them.
@pete2375 3 years ago
[1] Generally more settings in the GUI. If it gets cluttered then just hide them in an "advanced" section FortiManager style. For starters, I often have to specify SYSLOG/SNMP/FMG/FAZ/RADIUS source addresses in the CLI.
[2] Packet-tracer tool so we can easily see which DNAT/route/policy-route/fw-policy/nat-policy/etc a packet would take.
[3] Maybe a new "Diagnostic" tab in GUI containing GUI-based diagnostic & troubleshooting tools such as ping/traceroute/packet capture/packet-tracer/traffic-generator/speed-test/"diag debug flow"/etc.
[4] IPv6 VRF support. We have IPv4 VRFs, but no IPv6.
[5] The ability to schedule a one-off reboot.
[6] LLDP neighbor display in GUI
@AlaVRSim 3 years ago
I'd love to see a more natural integration with Azure AD and Intune and MDM, that's going to be a whole new level if they implement Wifi Auth against AAD with MFA without having the need to get a radius server.
@FortinetGuru 3 years ago
If they could integrate more seamlessly and easily with Azure it would be a huge win IMO
@AlaVRSim 3 years ago
@FortinetGuru absolutely, the list of features they can implement in this domain is huge. And MS CAS integration would be great
@edodonnell9057 3 years ago
I'd like the ability to use third party TOTP apps like Authy or Google Authenticator instead of the FortiToken Mobile app.
@randyb5029 3 years ago
In the Firewall Policy, having "reputation-minimum : 0-5" and "direction" as a GUI item would be nice; it helps juniors, who when diagnosing an issue can forget it's enabled.
@KevinTKerrigan 3 years ago
FortiMonitor - network orchestration automation integration with FortiGate... I hear it's tentatively earmarked for 7.2 FortiOS but DEAR GOD, to have SaltStack- or Ansible-like network device control of Cisco switches or routers, to back up and/or apply different configuration changes to automatically respond to discovered conditions/events would be game changing. No other firewall provider could come close!
@elmarf.4841 3 years ago
Would be nice to implement the Phase 2 Remote Proxy Id into a dynamic routing protocol like in a Dial Up VPN.
@LucPaulin 3 years ago
A commit review/approval (junior netadmin can perform change on the FW, but senior has to review and push the change) :)
@RK-ly5qj 3 years ago
Ability to use own USB Disks for LOGS !!^^ cuz FortiCloud sucks so much xd
@FortinetGuru 3 years ago
Me: sliding 8 TB disk drive into USB port, done LOL. I could get behind this.
@RK-ly5qj 3 years ago
@FortinetGuru c'mon, why not. I mean, don't see benefits in it? :p
@FortinetGuru 3 years ago
Oh I would totes do it in many cases LOL
@HC19200 3 years ago
Fortinet needs a report for WAN throughput speeds. That tiny widget in the UI is booboo, and FortiAnalyzer doesn't have a speed report. Only an amount of data report. Thanks Mike
@FortinetGuru 3 years ago
This is actually a complaint of mine as well. I wouldn't mind seeing that ASAP
@mattb474 3 years ago
A traffic manipulator, similar to the "Network Emulator" in GNS3, would be handy to add artificial packet loss + latency etc to traffic to test SDWAN configurations etc.
@FortinetGuru 3 years ago
That is not a bad idea at all.
@brandonschierkolk2567 3 years ago
Google, cloudflare, and generic dyndns support. Ability for policy mode to pass/ignore on non-standard ports on an accept rule instead of blocking them, like PA. Reject option on policies built into GUI.
@tomislavfedek6678 3 years ago
Just making more stuff into a GUI will be helpful
@ricardoduarte9927 3 years ago
I would really like to get Device Type policies from 6.0 back.
@LucPaulin 3 years ago
Rules/Policy history... (i.e. when/who created the rule, who/what changed on that specific date.....)
@noradtux 3 years ago
I'd like to see support for Wireguard VPNs.
@hechec9694 3 years ago
Quota system, e.g. give 1 GByte daily for a user or give it a limit speed for a user
@maci4 3 years ago
Auto-renew Let's Encrypt certificate
@FortinetGuru 3 years ago
They brought Let’s Encrypt to 7.0
@edodonnell9057 3 years ago
Better FortiAnalyzer GUI. I think FortiAnalyzer has a lot of data, but it is not very useful because the GUI is difficult to use and not intuitive.
@sopota6469 3 years ago
No new features that break things in 0.0.x releases
@FortinetGuru 3 years ago
😂
@Rage3KMoiz 3 years ago
Underrated comment LOL
@edodonnell9057 3 years ago
Stop releasing new features in non x.x.0 releases.
@serlegar 3 years ago
Remove that feature that tell you that you can upgrade to 7.0