Firewall (5.6.1)

Firewall (5.6.1)

New firewall features added to FortiOS 5.6.1.

Improvement to NAT column in Policy List Display (305575)

The NAT column in the listing of Policy can provide more information than before.

Previously the field for the policy in the column only showed whether NAT was Enabled or Disabled.

With the new improvements, not only does the field show the name of the Dynamic Pool, if one is being used, but the tool-tip feature is engaged if you hover the cursor over the icon in the field and provides even more specific information.

GUI support for adding Internet-services to proxy-policies (405509)

There is now GUI support for the configuration of adding Internet services to proxy policies. When choosing a destination address for a Proxy Policy, the Internet Service tab is visible and the listed objects can be selected.

Firewall (5.6.1)

By choosing an Internet Service object as the Destination, this sets internet-service to enable and specifying either an Address or IPv6 Address object will set internet-service to disable.

Inline editing of profile groups on policy (409485)

There can now be editing to the profile groups within the policy list display window. Before, you had to go into the edit window of the policy, such as in the image below:

However, now the editing can be done from the list display of policies and clicking on the GRP icon. Right clicking on the icon will slide a window out from the left and left clicking will give you a drop-down menu.

Rename “action” to “nat” in firewall.central-snat-map (412427)

The action field option in thecontext of firewall central-snat-map in the CLI was considered by some to be a little ambiguous, so it has been renamed to nat, an option that can either be enabled or disabled.

Explicit proxy supports session-based Kerberos authentication (0437054)

  • Explicit proxy supports session-based Kerberos authentication l Transparent proxy will create an anonymous user if the an attempt to create a NTLM connection fails.
  • When FSSO authentication fails for the explicit FTP proxy, the FortiGate responses with the error message “match policy failed”.
This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.