Fortinet
FortiGate (standalone)
- Access Requests
- Manual target selection
- Device object selection
- Modify Group
- Create/modify group
- Add Access
- Risk Analysis
- Designer
- Verifier
- Authorization and documentation
- Auto close
- Remove Access
- Verifier
- Decommission Network Object
- Impact Analysis
- Verifier
- Rule Recertification
- Update metadata
FortiManager Advanced (managing FortiGate)
“Advanced” means that the device management mode in SecureTrack is set to Advanced management.
- Access Requests
- Manual target selection
- Device object selection
- Modify Group
- Designer
- Syntax-based change
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Create/modify group
- Add Access
- Risk Analysis
- Verifier
- Designer
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Authorization and documentation
- Auto close
- Remove Access
- Auto close
- Verifier (topology mode only)
- Designer
- Provisioning
- Provisioning in automatic step
- Decommission Network Object
- Impact Analysis
- Designer
- Provisioning + Committing
- Verifier
- Authorization and documentation
- Clone Network Object Policy
- Designer
- Provisioning (or) Provisioning and Committing
- Verifier
- Rule Decommission
- Designer
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Verifier
- Authorization and documentation
- Auto close
- Rule Modification
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Rule Recertification
- Update metadata
Notes for FortiManager Advanced:
- In SecureChange, you can leverage automation tools, such as target selection, Verifier, and Designer to automate access requests that contain FQDNs.
- In SecureTrack, there is visibility for FQDNs in security rules and change tracking, assessment, path analysis, and matching rules.
- You can define the default for Security Profile Group (ContentID) in stconf. Once these profiles are set, Designer for Access Request will create new rules accordingly. For details, see Configuring Log Forwarding and Security Profile Groups.
- “Dynamic assignment” and “Skip this step if” options do not list targets when topology is disabled.
  Workaround: Enter these targets manually, using free text.
- Support for Fortinet FortiManager Web Filters.
- New objects in a Rule Modification workflow can only be created on the policy where the rule is located. It is not possible to create a global object in a hierarchical environment and add the object to a rule on a sibling policy.
- In a Rule Modification workflow there is no zone validation for Fortinet FortiManager devices. While it is possible for a request to include adding objects from address books or adding zones to rules on other zones, validation will fail on provisioning.
- Access Requests support IPv6 objects, including Designer recommendations and Provisioning.
- Designer gives priority to service objects that have a default timeout set in the firewall.