FortiOS 4.0 is here!

Long-awaited FortiOS 4.0 is finally published on the Support FTP. Brief list of new features:

• Redesigned web UI
• Supports Data Leak Prevention (DLP) Feature
• DHCP over IPSec Interface Support
• Supports Power Supply Monitoring
• WCCP v2 Support
• SNMPv3 Support
• Customized GUI Control
• Enhanced Load Balance Feature
• Supports WAN Optimization and Web Cache Feature
• Redesigned SSL-VPN Web Portal
• Supports HTTP POST Blocking
• Supports Rogue Access Point Detection Feature
• Supports Addition web UI Widgets
• Supports Identity Based Firewall Policies
• Supports Policy Based Traffic Shaping
• Support for IPv6 Intrusion Protection
• Supports "ANY" Interface for Firewall Policies.
• Supports Administration over Modem Interface
• Enhanced Central Management Communication Model
• Redesigned IPS Feature
• RADIUS Feature Enhancements
• Enhanced Application Control Feature
• Configurable VDOM Resource Limits
• Redesigned SNMP MIBS
• Logging Improvements
• Introduction of AntiSpam Engine
• Endpoint Control Feature
• SSL Content Scanning and Inspection
• Administration Over Modem
• Network Access Control (NAC) Quarantine

We will cover these features in details in coming days...

FortiGate-110C Is Coming To Town

After Fortinet updated SOHO and Enterprise solutions with FortiGate-50B/60B and FortiGate-310B most of us were waiting for some SMB solution to fit in the middle. One of the main problem of mid-class products of Fortinet was absence of Gigabit Ethernet ports on SMB devices. Also price/performance of FortiGate-100A and 200A was quite poor when compared to 60B model.


Recently we found on few sites information regarding upcoming FortiGate-110C model that should fill in the gap...



So in short FG-110C will have:

• 2 x 10/100/1000 Ethernet Ports
• 8 x 10/100 Ethernet Ports
• Firewall Performance - 500Mbps
• IPS Performance - 200Mbps
• VPN Performance - 100Mbps (and 1500 IPSec VPN tunnels)
• Antivirus Performance - 65Mbps
• Number of sessions - 400,000 (10,000 new sessions/second)

When combined together these features provide unique combination that will allow Fortinet to better compete in the SMB segment. However low performance numbers on FW/VPN will limit the impact of new product launch as most of FW/VPN vendors already have the same horsepower in much smaller and cheaper devices. Let's hope that Fortinet intentionally left 200's index free and we will see a 200A's replacement quite soon.

There is no official pricing available yet, but some of the sites are already offering it at less than 2000 GBP including 1-Year Bundle Support.

Preliminary datasheet is available here or here.

FortiGate FortiOS 3.0 MR7 is comming...

According to our information FortiOS 3.0 Maintenance Release is scheduled for July 2008, be ready! We just got an information on new features to be included in MR7:

• AMC Cards configuration support: you can configure AMC card parameters even when card is unplugged.
• USB modems support extended from SOHO models only to all models - that means that you can use 3G/HSDPA/EV-DO backup with any FG unit (just make sure that your USB modem is compatible with FortiOS).
• ToS-based routing: you can specify routing according to the Type-of-Service bits of IP Packet when using Policy Based Routing.
• L2TP VPN Client support.
• E-mail archiving to FortiGuard Analysis&Management Service in addition to dedicated FortiAnalyzer appliance.
• Single Sign-On (FSAE) Extensions: Novell E-Directory is supported in addition to Microsoft Active Directory. Also AD integration was updated in order to provide support for users with fast changing IP addresses.
• SSL VPN Client Standalone installer is provided as an option instead of ActiveX control on the Web Portal
• SSL VPN client now supports Linux and MacOS in addition to Windows
• MR7 got a IPv6 "Phase 2" ready, ICSA SSL-VPN and Microsoft FSAE Certifications.

FortiMail 3.0 MR3 - Better Stats, MTA & Spam Engine

Fortinet recently Released a Maintenance Release 3 for FortiMail 3.0 with many new features improving statistics display, mail storage & forwarding enhancements and new spam defence mechanisms.

System Enhancements:

• Real Time Email Statistics Mail statistics can now be displayed in real time with historical hourly, daily, monthly and yearly reports available.
• Improved Backup and Restore Capability Backup and restore capability now extended to include black/white lists (user, domain, system and session) and custom messages in addition to the system configuration.
• Mail Storage Performance Improvements
• Tiered Admin when in Server Mode
• Increased Number of Admin domains
• Override server can be specified for FortiGuard updates and queries.
• Logging enhancements Received IP and name/date stamping and file type details added to log message format. In addition log messages have been extended to avoid truncation of information.
• SNMP Monitoring HA Monitor variable introduced – requires an updated MIB file.
  

Mail Handling Enhancements:

• Enhanced Access Control Rules Provides the ability to limit access based on sender/recipient email or IP address.
• Enhanced Address Mapping at domain / sub-domain level
• Multiple IP selection for outgoing email
• Deferred Queue Management Controls
• Support for intermediate CA Certificate handling
• Option to disable ESMTP support
• Secondary LDAP Server support
• LDAP cache handling performance enhancements

AntiSpam Enhancements:

• Sender Policy Framework (SPF), DomainKeys, DomainKeys Identified Mail (DKIM)
• Centralised Quarantine
• Central Administration of User Preferences
• Domain Level Black and White lists
• Quarantine Search Capability
• Allow domain level timing for release message
• Content level white listing, for message body or subject line.
• Support for local FortiManager database query

WEBMAIL Enhancements:

• Quarantine Alias
• Multi-Language Support, default language, customized languages
• Folder Support
• User level option to disable SPAM report

MR6 brings IPv6 Support to FortiGate Web UI

While not mentioned in the release notes MR6 provides support for IPv6 configuration in the WebUI. In order to start using it you have to enable "IPv6 Support on GUI" in System > Admin > Settings.

Please note that you can also change port number for SSL VPN portal in Web UI.

After you enabled IPv6 support in Web UI you can see IPv6 in address & policy configuration:


You can also see IPv6 routing table in Router > Monitor.

FortiGate FortiOS 3.0 MR6 Build 660 is out

This morning Fortinet made available a new Maintenance Release 6 version of FortiOS 3.0. Only brief list of enhancements is currently available, we will review them in more details shortly:

• Support Multiple Antivirus Databases
• Advanced Load Balance Features
• User Interface Enhancement
• MIB Extensions for RTM
• Profile Based IPS Sensors
• Authentication Adjustment
• Read-only super_admin
• TACACS+ Support
• Authentication-Based Routing
• VDOM GUI Enhancement
• Control MSN over HTTP Proxy
• FSAE Enhancements
• SSL Tunnel Extension
• Antivirus File Typing
• VDOM Admin Authentication via RADIUS
• Modem AT Commands via CLI
• AMC Disk Extension
• PING Server for HA Failover
• Soft Switch Interface Mode

In addition FortiAnalyzer software 3.0 MR6 was posted on support FTP, but no information regarding new features available at the moment.

FortiMail Updates Provide Better Spam Filtering And Easier Administration

After initial release of FortiMail 3.0 Fortinet recently provided 2 updates (Maintenance Release 1 & 2), which not only fixes some of the bugs, but also provides new spam filtering technologies and easier configuration options.

FortiMail 3.0 Maintenance Release 1 provides the following spam scanning enhancements:

• PDF Scanning that combines heuristic rules and image recognition technology
• Deep Header Scanning checks all message transmission path by examining e-mail "Received" headers
• Dynamic Heuristic Rules: instead of statically configured rules in previous versions MR1 uses FortiGuard infrastructure to deliver rules updates on the fly for better handling of new spam variants

FortiMail 3.0 Maintenance Release 2 is mainly focused on UI improvement. While ISP and MSSP users like highly customizable approach of FortiMail configuration many corporate users complained about configuration difficulties when only one domain with one security policy was needed. In order to help such customer MR2 introduces new management modes and wizards:

• Quick Start Wizard is added that provides streamlined step-by-step configuration for single e-mail domain environments
• 2 Management modes introduced: basic and advanced. Advanced mode is the same as previously available while basic mode is ideal for easier installation when only subset of full FortiMail functionality is needed.
• 2 Predefined Reports are added for statistics on previous day and last week
• High Availability settings are enhanced with HA Recovery mode setting

FortiMail 3.0 Maintenance Release 2 (MR2 Build 199) is available for download from support site.