On This Page
Fortinet
FortiGate (non-management device)
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules with expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Changes (see Change Browser)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of VPN policies
- Offline Analysis
-
Not supported when device is configured for high availability
FortiManager Advanced (managing FortiGate)
Advanced means device management mode in SecureTrack is Advanced management
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules with expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Changes (see Change Browser)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
- Display IPv6 objects, routes, and interfaces
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Change Window (see View and Update a Change Window)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)
-
Rule Recertification(Used to document and verify the need for a rule)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Global configuration visibility
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of NAT rules
-
IPv6 routes
-
Path analysis with IPv6 addresses in source and destination
- SD-WAN: Supported for FortiManager 7.0 and later. The SD-WAN rules must be created using the SD-WAN templates and the ADOM version must be 7.0 or later.
- Connectivity via VPN
Notes for FortiManager Advanced (5.4 or later):
-
API for fetching dynamic topology is not supported for ADOM 5.2 and earlier.
-
These features are not supported: Regulations report, Risks, Policy Analysis, dynamic objects (treated as static object with the "default" as its value)
-
Support for “Collect dynamic topology information” feature, when dynamic addressing (DHCP) or routing protocols (OSPF and BGP) are in use.
-
Support for Fortinet FortiManager Web Filters.
-
For Fortinet FortiManager Global Rules that are assigned to ADOM policies, the following features are not supported:
-
Automatic Policy Generator (APG)
-
Last hit for rules in Rule Viewer
-
Rule and object usage
-
-
If you have IPv6 policies and upgrade to FortiManager 6.4 from an earlier version, all IPv6 policies will be deleted and recreated. In SecureTrack, it will appear as a diff in the Change Report.
-
Destination NAT using Services as optional filters is not currently supported.
-
Source NAT is not supported for Fortimanagers 6.4 and below with Policy-based Policies that do not have the Central NAT Check box selected.
-
Calculating the impact of Central NAT rules is supported for FortiManager 6.0.5 and later.
-
Virtual routing and forwarding information is part of the firewall revision and is supported in the Topology Map.
-
In Fortinet scripts, rule names need to be within quotation marks. For example: "Escalation Rule"
-