Fortinet
FortiGate (standalone)
Access Requests | Manual target selection
Modify Group | Create/modify group
Add Access | Risk Analysis
Remove Access | Verifier
Server Decommission | Impact Analysis, Verifier
Rule Recertification | Update metadata
FortiManager Advanced (managing FortiGate)
Advanced means that the device management mode in SecureTrack is Advanced management.
Access Requests | Manual target selection
Modify Group | Designer
Add Access | Risk Analysis
Remove Access | Auto close, Verifier (topology mode only)
Server Decommission | Impact Analysis
Clone Server Policy | Designer
Rule Decommission | Designer
Rule Modification | Provisioning + Committing, Provisioning + Committing in automatic step
Rule Recertification | Update metadata
Notes for FortiManager Advanced:
- Access Request supports FQDN objects which are resolved as IP addresses.
- “Dynamic assignment” and “Skip this step if” options do not list targets when topology is disabled. Workaround: Enter these targets manually, using free text.
- Support for Fortinet FortiManager Web Filters.
- New objects in a Rule Modification workflow can only be created on the policy where the rule is located. It is not possible to create a global object in a hierarchical environment and add the object to a rule on a sibling policy.
- In a Rule Modification workflow there is no zone validation for Fortinet FortiManager devices. While it is possible for a request to include adding objects from address books or adding zones to rules on other zones, validation will fail on provisioning.
- Support for IPv6 objects for Access Requests in non-topology mode (topology disabled).
- Designer gives priority to service objects that have a default timeout set in the firewall.
FortiManager Basic (managing FortiGate)
Basic means that the device management mode in SecureTrack is Basic firewall management.
Access Requests | Device object selection
Add Access | Risk Analysis
Rule Recertification | Update metadata