Security Profiles

FortiOS 5.4 no longer supports FortiClient 5.0 or earlier (289455)

FortiOS 5.2 supported FortiClient 5.0 (only if the FortiGate was upgraded to FortiOS 5.2); FortiOS 5.4 no longer supports FortiClient 5.0. Customers need to purchase a subscription-based FortiClient 5.4 license.

 

Session timers for IPS sessions (174696 163930)

The standard FortiOS session-ttl (time to live) timer has been introduced for IPS sessions to reduce synchronization problems between the FortiOS kernel and IPS. It was added so that the FortiGate hard-coded timeout values can be customized, and because IPS was using too much overall memory.

 

Botnet protection with DNS Filter (293259)

The new botnet list from FortiGuard can be used to block DNS requests to known botnet C&C IP addresses within a new DNS filter profile.

You can view the botnet list by going to System > FortiGuard > Botnet Definitions.

 

Secure white list database (288365)

A secure white list exemption is available for SSL deep inspection. To enable it, go to Security Profiles > SSL/SSH Inspection, enable Exempt from SSL Inspection, and enable Reputable Websites.

 

Mobile Malware Definition update (288022)

Mobile Malware is a separate license and can be downloaded as a separate object. It is packaged with the same FortiGuard object as the client app signatures. These signatures can be enabled in AV profiles by selecting Include Mobile Malware Protection.

 

Options not supported by the new quick mode flow-based virus scanning (288317)

Files cannot be sent to FortiSandbox for inspection while in quick mode flow-based virus scanning, so the GUI option for it has been removed. There is also no option to switch between quick mode and full mode, as the choice between proxy-based and flow-based inspection has been removed.

 

Add mobile malware to FortiGuard licenses page and include more version information (290049)

An entry and version information for Mobile Malware Definitions has been added in the License Information table under System > FortiGuard. Also, main items have been bolded and sub-items have been indented for clarification.

 

Secure white-list DB for flow based UTM features (287343)

This new feature gathers a list of reputable domain names that can be excluded from SSL deep inspection. The list is periodically updated and downloaded to FortiGate units through FortiGuard.

 

Syntax:

config firewall ssl-ssh-profile
    edit deep-inspection
        set whitelist enable
end

 

New customizable replacement message that appears when an IPS sensor blocks traffic (240081)

A new replacement message will appear specifically for IPS sensor blocked Internet access, to differentiate between IPS sensor blocking and application control blocking.

 

Low end models don’t support flow AV quick mode and don’t support the IPS block-malicious-url option (288318)

AV quick mode and the IPS block-malicious-url option have been disabled on low-end FortiGate models; however, these features can be enabled if the FortiGate unit has a hard disk. Low-end models will only support Full scan mode (the option is left in the GUI to show the user which mode is active).

 

New quick mode flow-based virus scanning (281291)

When configuring flow-based virus scanning you can now choose between quick and full mode. Full mode is the same as flow-based scanning in FortiOS 5.2. Quick mode uses a compact antivirus database and advanced techniques to improve performance. Use the following command to enable quick mode in an antivirus profile:

config antivirus profile
    edit <profile-name>
        set scan-mode {quick | full}
end
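The following Python script is an added example, not part of the original page or of Fortinet's documentation. It parses a configuration backup and lists the antivirus profiles set to quick mode (which, as noted above, cannot send files to FortiSandbox) and the SSL/SSH profiles with the whitelist exemption enabled. The sample configuration, the profile names other than deep-inspection, the nested https block and the function names are assumptions made for illustration.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config antivirus profile
    edit "default"
        set scan-mode quick
    next
    edit "sandbox-av"
        set scan-mode full
    next
end
config firewall ssl-ssh-profile
    edit "deep-inspection"
        config https
            set ports 443
        end
        set whitelist enable
    next
    edit "custom-deep"
        set whitelist disable
    next
end
"""

def parse_tables(text):
    """Return {table: {entry: {setting: value}}} for top-level config tables."""
    tables, table, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # nested sub-tables (depth > 1) are skipped
                table, entry = line[len("config "):], None
                tables.setdefault(table, {})
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip().strip('"')
            tables[table][entry] = {}
        elif depth == 1 and entry is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            tables[table][entry][key] = value.strip().strip('"')
    return tables

def audit(text):
    """List AV profiles in quick mode and SSL profiles with the whitelist on."""
    t = parse_tables(text)
    hits = lambda table, key, val: sorted(
        n for n, s in t.get(table, {}).items() if s.get(key) == val)
    return {"quick_mode_av": hits("antivirus profile", "scan-mode", "quick"),
            "ssl_whitelist_on": hits("firewall ssl-ssh-profile", "whitelist", "enable")}
```

Call audit() on the text of a configuration backup; profiles that do not set scan-mode or whitelist explicitly are not reported either way.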

 

 

CVEIDs now appear in the FortiOS IPS signature list (272251)

The signature list can be found at Security Profiles > Intrusion Protection > View IPS Signatures.

 

Mobile malware protection added to Antivirus configuration (288022)

FortiGuard can now download signatures to enhance mobile antivirus protection.

To enable this option, go to Security Profiles > AntiVirus and enable Include Mobile Malware Protection.

One thought on “Security Profiles”

  1. Jaro Stolicny

    Has anyone got this off-box Websense integration to work? I have got everything configured per the Fortinet how-to, but I still do not see the firewall relaying http/https requests to the Websense server located on the customer's local network.

    Thanks.

    Jaro
