Fortinet

FortiGate (standalone)

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Cleanup
Violations

Change Management

Rule and Object Usage Report
Change Management
Graphical Policy
Real-time Monitoring
Full Accountability
Display IPv6 objects
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Policy Analysis
Object Lookup

Auditing and Reporting

Auditing and Reporting

Topology

Static Topology
Dynamic Topology

FortiManager Advanced (managing FortiGate)

Advanced means that the device management mode in SecureTrack is Advanced management.

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Cleanup
Violations

Change Management

Rule and Object Usage Report
Change Management
Graphical Policy
Real-time Monitoring
Full Accountability
Display IPv6 objects, routes, and interfaces
Change Window
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Modification
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Global configuration visibility
Object Lookup

Auditing and Reporting

Auditing and Reporting

Topology

Static Topology
Dynamic Topology
IPv6 routes
Path analysis with IPv6 addresses in source and destination
Calculate impact of NAT (Policy NAT and Central NAT) rules

Notes for FortiManager Advanced (5.4 or higher):

  • API for fetching dynamic topology is not supported for ADOM 5.2 and below.

  • These features are not supported: Regulations report, Risks, Policy Analysis, and dynamic objects (each is treated as a static object with "default" as its value).

  • Support for “Collect dynamic topology information” feature, when dynamic addressing (DHCP) or routing protocols (OSPF and BGP) are in use.

  • Support for Fortinet FortiManager Web Filters.

  • For Fortinet FortiManager Global Rules that are assigned to ADOM policies, the following features are not supported:

    • Automatic Policy Generator (APG)

    • Last hit for rules in Policy Browser

    • Rule and object usage

  • If you have IPv6 policies and upgrade to FortiManager 6.4 from an earlier version, all IPv6 policies will be deleted and recreated. In SecureTrack, it will appear as a diff in the Change Report.

  • Destination NAT using Services as optional filters is not supported yet.

  • Source NAT is not supported for FortiManager versions 6.4 and below with policy-based policies that do not have the Central NAT checkbox selected.

  • Calculating the impact of Central NAT rules is supported for FortiManager 6.0.5 and above.

  • Virtual routing and forwarding information is part of the firewall revision and is supported in the Topology Map.

FortiManager Basic (managing FortiGate)

Basic means that the device management mode in SecureTrack is Basic firewall management.

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Cleanup
Violations

Change Management

Change Management
Graphical Policy
Real-time Monitoring
Full Accountability
Display IPv6 objects
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Recertification

Policy Analysis

Policy Analysis

Auditing and Reporting

Auditing and Reporting

Topology

Static Topology
Calculate impact of NAT rules

Notes for FortiManager Basic:

As of R19-3, creating new Fortinet FortiManager - Basic Mode devices is not supported. As of R22-1, retrieving new revisions is not supported. For details, see Deprecated Devices.

If you use FortiManager devices, we recommend using Advanced mode, which is still supported by Tufin.

  • Real-time monitoring uses device polling.

  • For the policy packages on FortiManager: view and compare policies in graphical format, view the global object database, create New Revision and Advanced Change reports.

  • To get full support for a device that is connected to FortiManager, add the managed device to SecureTrack monitoring directly.

  • IPv6 objects are not supported.

  • VIP, IP pool, and destination interface NAT are supported on FortiGate devices that are managed by FortiManager.

  • Fortinet FortiManager workflow mode is not supported.