Support security profile scanning of RPC over HTTP traffic (287508)
This protocol is used by Microsoft Exchange Server so this feature supports security profile features such as virus scanning of Microsoft Exchange Server email that uses RPC over HTTP.
Users now allowed to override blocked categories using simple, wildcard, and regex expres- sions to identify the URLs that are blocked (270165)
This feature is also called per-user BWL. To be able to configure this feature from the GUI enter the following command:
config system global
set per-user-bwl enable end
Then go to Security Profiles > Web Filtering, edit a web filtering profile and select Allow users to override blocked categories.
Use the following command to configure this feature from the CLI:
config webfilter profile edit <profile-name>
set options per-user-bwl end
Set flow or proxy mode for your FortiGate (or per VDOM) (266028)
You can configure your FortiGate or a VDOM to apply security profile features in proxy or flow mode. Change between modes from the System Information dashboard widget. Proxy mode offers the most accurate results and the greatest depth of functionality. Flow mode provides enhanced performance. IPS and application control always operates in flow mode and so is not affected by changing this mode.
Security Profiles > Web Application Firewall
Signatures can now be filtered based on risk level.
The options to reset action and apply traffic shaping is now only available in the CLI.
The All Other Known Applications option has been removed, while the option for All Other Unknown
Applications has been renamed Unknown Applications.
Block all Windows executable files (.exe) in email attachments (269781)
A new option has been added to AntiVirus profiles to block all Windows executable files (.exe) in email attachments.
CLI Syntax
config antivirus profile edit “default”
config imap
set executables {default | virus}
end
config pop3
set executables {default | virus}
end config smtp
set executables {default | virus}
end
config mapi
set executables {default | virus}
end end
end
Has anyone made this off-box websense intergration to work? I have got everything configured per Fortinet how-to, but I still not see firewall relaying http/https request to the websense server located on customer local network.
Thanks.
Jaro