Few additional features in FortiOS 3.0 MR Release Candidate

There are few additional features that I just discovered in addition to those described in a previous post.

• Port for Telnet and SSH can be changed via WebUI. In addition you can enable SCP for secure file transfer
• Addresses can be bound to specific interface
• When configuring Operation Mode (NAT/Transparent) you can click a check box to use Asymmetric routing
• You can group several VIPs with "VIP Group" option
• Multicast configuration tab added to Dynamic Routing configuration

FortiGate FortiOS 3.0 MR3 RC1 Build 388 (Maintenance Release 3, Release Candidate 1) is out

Fortinet just published a FortiGate FortiOS 3.0 MR3 RC1 Build 388 (Maintenance Release 3, Release Candidate 1) on the support FTP.

Please be aware that this is an interim build: do not use it in a production environment unless technical support asks you to do it in order to resolve some specific issues.

What's new in this build:

• Nice menu opening animation ;)
• You can add "section headers" into your policy table in order to separate some blocks of policy - i.e policies for particular customer, policies for specific server, etc. Also you can select which colums to display and filter policies by any field.
• You can easily specify multiple addresses or services in a policy without creating a group - to do it simply click "Multiple" button next to the appropriate combo box.
• URL filtering now works not only for HTTP, but also for encrypted HTTPS
• AntiVirus scanning now works for NNTP (Network News Transfer Protocol)
• Most of the lists supports creation of several separate lists and then attaching different lists to different policies (in previous builds of FortiOS 3.0 it was supported only starting from FortiGate-800 model, now it is possible on all models): File Pattern Block List, URL Block Lists (Web content Block, Web Content Exempt, URL Filter) , Anti-Spam Block Lists (Banned Words, IP Address Black/White List, E-mail Address Black/White List)
• Status Dashboard slightly reworked: small CLI Console added directly to a dashboard, you can expand it to a full window and edit colors by clicking small icons in top right corner; also number of administrators logged in is now shown in a "System Information" section, not on a bottom bar.
• SSL VPN now supports VNC and RDC remote terminals via built-in Java client

Fortinet changes Release Management Process: Release Candidates are available now!

Starting from now Fortinet makes available "Candidate Release" builds of FortiOS software via support FTP site. If you are running Candidate Release you will immediately notice big "Candidate Release" banner on top of WebUI.

Warning: please be careful before installing Candidate releases in a production environment, these builds are targeted to a lab environment. Please read "Who should use these build" section below before installing it!

What is a Candidate Release?

A part of Fortinet's Release Management Process is to make available builds of product firmware (FortiOS, FortiAnalyzer, FortiManager, etc.) specifically for evaluation and feedback. Obtaining comments on how the firmware functions in a variety of environments is crucial to improving the quality. To that end, Fortinet releases preliminary builds, called "Candidate Releases", to its customers (external and internal) for the purpose of gaining insight on the quaility of the firmware. This is done at various stages of the maintenance release test cycle. Starting with FortiOS v3.00 MR3, the Release Management Process has included adding a label at the top of the Web UI - "MRx Candidate y" - PD builds will have the label removed. B0388 has been qualified to the point where QA has approved it for release as CR and thus the label reads "MR3 Candidate 1".

Who should use these builds?

Fortinet encourages customers who need a certain bug fix or wish to test the latest software to load the build, verify its functionality, and provide us with feedback. However, Fortinet does not guarantee uninterrupted or error-free operation of the firmware therefore, if your network is considered mission-critical and can not tolerate any risk, then MR3 Candidate1 is not recommended. You should wait for the official release of the firmware.