Executive Summary
This chapter briefly highlights some of the higher profile new FortiOS 5.6 features, some of which have been enhanced for FortiOS 5.6.2.
Security Fabric enhancements
Security Fabric features and functionality continue to evolve. New features include improved performance and integration, a security audit function that finds possible problems with your network and recommends solutions, security fabric dashboard widgets, improved device detection, and the remote login to other FortiGates on the fabric. See New Security Fabric features on page 20.
Security Fabric Audit
The Security Fabric Audit allows you to analyze your Security Fabric deployment to identify potential vulnerabilities and highlight best practices that could be used to improve your network’s overall security and performance. See Security Fabric Audit and Fabric Score on page 32.
Re-designed Dashboard
The Dashboard has been enhanced to show more information with greater flexibility and more functionality. See New Dashboard Features on page 40 for details.
NGFW Policy Mode
You can operate your FortiGate in NGFW policy mode to simplify applying Application control and Web Filtering to firewall traffic. See NGFW Policy Mode (371602) on page 57.
Flow-based inspection with profile-based NGFW mode is the default inspection mode in FortiOS 5.6.
Transparent web proxy
In addition to the Explicit Web Proxy, FortiOS now supports a Transparent web proxy. You can use the transparent proxy to apply web authentication to HTTP traffic accepted by a firewall policy. See Transparent web proxy (386474) on page 49.
Controlled failover between wireless controllers
Administrators can now define the role of the primary and secondary controllers on the FortiAP unit, allowing the unit to decide the order in which the FortiAP selects a FortiGate unit and how the FortiAP unit fails over to a backup FortiGate unit if the primary FortiGate Fails. See Controlled failover between wireless controllers on page 68.
FortiView Endpoint Vulnerability chart
A new FortiView chart that tracks vulnerability events detected by the FortiClients running on all devices registered with the FortiGate. See New FortiView Endpoint Vulnerability Scanner chart (378647) on page 61.
FortiClient Profile changes
FortiClient profiles have been re-organized and now use the FortiGate to warn or quarantine endpoints that are not compliant with a FortiClient profile. See FortiClient Profile changes (386267, 375049).
Adding Internet services to firewall policies
Internet service objects can be added to firewall policies instead of destination addresses and services. See Adding Internet services to firewall policies (389951).
Source and destination NAT in a single Firewall policy
Extensions to VIPs support more NAT options and other enhancements. See Combining source and destination NAT in the same policy (388718).
Other highlights
l Application Control is a free service l Real time logging to FortiAnalyzer and FortiCloud l Multiple PSK for WPA Personal (393320) l VXLAN support (289354) l NP6 Host Protection Engine (HPE) to add protection for DDoS attacks (363398) l FortiGate Logs can be sent to syslog servers in Common Event Format (CEF) (300128) l New PPPoE features