FortiAnalyzer 3.0 MR2 (Maintenance Release 2) Build Changed

Please be aware that on August 29th Fortinet silently updated FortiAnalyzer 3.0 MR2 code. Build 364 is removed from support FTP and Build 365 placed instead.

It is strongly recommended to check which build you are running and if you have a Build 364 on your machine update it to a newer Build 365, which is now an official MR2 Build.

There is no exact information about Build change, probably some minor fixes.

FortiGate FortiOS 3.0 MR2 Build 318 (Maintenance Release 2) is out

Fortinet just released Maintenance Release 2 version of FortiOS 3.0 for all FortiGate devices. In addition to numerous bugs fixed it provides some new functionality:

• Drag-and-drop policy reordering: While editing policies in Firewall->Policy you can simply grab a policy with a mouse and move it to a new location with a mouse. Simple and looks nice!
• Drag-and-drop works also in Web Filter URL list
• Columns button in a top right corner of policy list can be used to add/hide additional columns. For example you can add Protection Profile column and easily see Protection Profiles assigned to each policy
• Authentication Keep-alive page is now being used after FortiGate authenticated the user to keep a session from timing out
• Run only configuration allows you to edit configuration without saving it to the flash. This is extremely useful when experimenting with a remote box: if you will loose the box due to erroneous configuration just ask someone to recycle power and box will boot up with old config. Don't forget to return to standard mode once you finished configuring the box.
• DHCP Renew and PPPoE Reconnect slightly reworked
• Static ARP entries: when working in NAT mode you can staticly bind ARP entries via CLI
• FortiGuard status indicators redesigned for better representation of service availability
• Changing default ports for TELNET and SSH: finally you can change ports for TELNET and SSH servers, this can be done via CLI only
• Loopback Interface: you can use virtual Loopback interfaces for easier dynamic routing configuration or as a source for IPSec tunnel
• Uninterpretable firmware upgrade in HA mode: cluster member upgrades themselves one by one without interrupting traffic!
• Equal Cost Multi-Path Routes can be used to load-balance traffic between multiple interfaces on a per-session level
• Enhanced H.323 support
• Multiple IP Pools in firewall policy can be configured via CLI for noncontagious pools support
• Log&Report part redesigned
• When using FQDN based policies FortiGate actively queries DNS servers instead of monitoring passing DNS traffic

More information provided in Release Notes document

Inbound Traffic Shaping per Interface

Traffic shaping prior to FortiOS v3.00 was performed on a per firewall policy basis. Starting from FortiOS 3.0 MR1 FortiGate supports limiting the amount of inbound traffic on an interface.

The CLI command to enable inbound traffic is:

conf sys int

• edit port1
• set inbandwidth 99

end

An inbandwidth value of zero (kilobytes per second) means unlimited - no inbound traffic shaping configured.

FortiClient 3.0 updated to MR1

Fortinet recently released new build of FortiClient version 3.0. It is available for download now.