Fortinet
FortiGate (standalone)
- Access Requests
- Manual target selection
- Device object selection
- Modify Group
- Create/modify group
- Add Access
- Risk Analysis
- Designer
- Verifier
- Authorization and documentation
- Auto close
- Remove Access
- Verifier
- Decommission Network Object
- Impact Analysis
- Verifier
- Rule Recertification
- Update metadata
FortiManager (managing FortiGate)
- Access Requests
- Manual target selection
- Device object selection
- User Identity (Supported for user groups but not for FSSO groups)
- Modify Group
- Designer
- Syntax-based change
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Create/modify group
- Add Access
- Risk Analysis
- Verifier
- Designer
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Authorization and documentation
- Auto close
- Remove Access
- Auto close
- Verifier (topology mode only)
- Designer
- Provisioning
- Provisioning in automatic step
- Decommission Network Object
- Impact Analysis
- Designer
- Provisioning + Committing
- Verifier
- Authorization and documentation
- Clone Network Object Policy
- Designer
- Provisioning (or) Provisioning and Committing
- Verifier
- Rule Decommission
- Designer
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Verifier
- Authorization and documentation
- Auto close
- Rule Modification
- Provisioning + Committing
- Provisioning + Committing in automatic step
- Rule Recertification
- Update metadata
Notes for FortiManager:
- For FortiManager policies, only Profile-based NGFW (next-generation firewall) mode is supported.
- In SecureChange, you can leverage automation tools, such as target selection, Verifier, and Designer, to automate access requests that contain FQDNs.
- In SecureTrack, there is visibility for FQDNs in security rules and change tracking, assessment, path analysis, and matching rules.
- You can define the default for Security Profile Group (ContentID) in stconf. Once these profiles are set, Designer for Access Request will create new rules accordingly. For details, see Configuring Log Forwarding and Security Profile Groups.
- The "Dynamic assignment" and "Skip this step if" options do not list targets when topology is disabled.
  Workaround: Enter these targets manually, using free text.
- Support for Fortinet FortiManager Web Filters.
- New objects in a Rule Modification workflow can only be created on the policy where the rule is located. It is not possible to create a global object in a hierarchical environment and add the object to a rule on a sibling policy.
- In a Rule Modification workflow, there is no zone validation for Fortinet FortiManager devices. While it is possible for a request to include adding objects from address books or adding zones to rules on other zones, validation will fail on provisioning.
- Access Requests support IPv6 objects, including Designer recommendations and Provisioning.
- Designer gives priority to service objects that have a default timeout set in the firewall.