Botnet protection added (254959)

The latest Botnet database is available from FortiGuard. You can see the version of the database and display its contents from the System > FortiGuard GUI page. You can also block, monitor or allow outgoing connections to Botnet sites for each FortiGate interface.

FortiSandbox URL database added

You can see the version of the database and display its contents from the System > FortiSandbox GUI page.

New Web Filter profile whitelist setting and changes to blacklist setting (283855, 285216)

Domain reputation can now be determined by “common sense”, for sites such as Google, Apple, and even sites that may contain sensitive material that would otherwise be trusted (i.e. there is no risk of receiving botnets or malicious attacks). You can tag URL groups with flags that exempt them from further sandboxing or AV analyzing.

You can identify reputable sites and enable certain bypasses under Security Profiles > Web Filter. Similarly, you can exempt the identified reputable sites from SSL inspection.

CLI Syntax

config firewall ssl-ssh-profile edit <profile-name>

set whitelist [enable | disable]

end

config webfilter profile edit <profile-name>

config web

set whitelist exempt-av exempt-webcontent exempt-activex-java-cookie exempt-dlp exempt-rangeblock extended-log-others

end

end