FortiMail 3.0 Avaialble for Download

FortiMail version 3.0 (announced few days ago) is available for download from support FTP. You can also try a Web-based demo if you know a secret password.

Fortinet announces FortiMail Version 3.0

On August 3rd Fortinet posted documentation and release noted for the new version of FortiMail - long awaited 3.0. These version is not available for download yet, but based on release notes it looks like this version should be 2.9, not a 3.0 as there are no major improvements in this versions.

It looks like Fortinet would like to have all products to be branded as version 3.x and this is the only reason to switch from 2.x to 3.x

According to documents released FortiMail 3.0 have the following new functionality:

• Upgraded kernel to address software RAID issues on the FortiMail-400
• A global Bayesian database
• Multiple antispam actions per antispam profile
• System quarantine support for outgoing email
• Bayesian scan support for outgoing email
• GUI access for the system quarantine administration user
• Email alias enhancements to allow an alias list to contain itself as a member
• Aggressive image scanning
• RBL renamed to DNSBL
• Domain configuration enhancements to allow the local domain to be the same as the mail server's domain
• DDNS enhancements
• Relay server SMTP authentication support
• GUI enhancements to allow accessing a profile directly from the policy page
• Support for a second syslog server
• Support for AV updates through an HTTPS proxy
• Greylisting improvements to make the initial expiry period configurable, increase the supported greylist database entries on high end units and bypass greylisting for an authorized client
• An option to reset custom messages to defaults
• Support to customize the spam report subject line and the Webmail login banner
• A re-ordering of the black/whitelist processing order
• Dictionary and banned word logging improvements to add the word that triggered the filter to the log message
• Portuguese language support added for Webmail

FortiOS 3.0 MR5 for FG-50A & FG-60 (Release Candidate)

During last few weeks most of FG-50A and FG-60 owners were filling stressed and unhappy. There were even some rumors that Fortinet will not support current users of low-end models and they will be forced to upgrade to FG-50B or FG-60B. The reason for this was absence of new build for low-end FortiGate's, MR4 & MR5 were released without FortiGate-50A/60 builds.

Finally Fortinet revealed a release candidate of memory-optimized build of MR5 for low-end models:

• FortiGate-50A
• FortiGate-60/60M/60ADSL
• FortiWiFi-60/60A/60AM

Build is available for download from Support FTP. Please note that this build is still a Release Candidate 4/Beta build and it is not recommended for production systems. Build number is 0559.

We already downloaded and installed this build to one of our test boxes. Memory usage is slightly higher that with Memory-Optimized build of MR3 (66% against 57% in our configuration with several VDOM's), but it is still OK for most of SMB/SOHO applications.

For those who are still on MR3 these build brings features of both MR4 and MR5:

• New Dashboard with customizable layout
• Enhanced VDOM's: changed configuration and per-VDOM Protection Profiles
• Authentication now can be tuned per protocol and performed per single policy
• Packets/Bytes counters per policy
• PKI Authentication Enhancements
• Better VoIP support with SIP, SIMPLE and SCCP (Cisco Skinny)
• FortiGuard Management&Analysis Service Support
• Interface Aliases
• Support of any USB Flash Disk (Only FortiUSB branded disks were supported before)
• Many Routing Enhancements for NAT, Multicast, OSPF and BGP
• IPv6 IPSec support
• and many more!

FortiGate-60B Full Specification - Compared to FG-60

There are no FG-60B specifications and data sheets on the official Fortinet site, but we see more and more information coming on distributors' sites.

Here is the full comparison of new FortiGate-60B to older FortiGate-60:

Parameter	FortiGate-60B	FortiGate-60
LAN Switch Interfaces	6	4
WAN Interfaces	2	2
DMZ Interfaces	1	1
Analog Modem	Yes	On FG-60M
WiFi Interface	On FW-60B	On FW-60
Built-in ADSL Modem	No	On FG-60ADSL
USB Ports	2	2
PC Card Slot	Yes	No
RAM	256MB	128MB
Firewall Performance	100Mbps	70Mbps
3DES VPN Performance	64Mbps	20Mbps
Antivirus Throughput	20Mbps	15Mbps
Maximum Session	70,000	50,000
New Sessions/Second	3,000	2,000
VPN Tunnels	50	50
Dimensions (HxWxL)	1.75x10.87x6.13in	1.38x8.63x6.13in
Weight	5.5 lbs (2.5 kg)	1.5 lbs (0.68 kg)

As you can see FortiGate-60B adds more power, but you should note that it is bigger and heavier (the same size as FortiGate-100).

FortiAnalyzer now supports ext3 File System

Starting from version 3.0 MR3 FortiAnalyzer supports ext3 file system in addition to Resier file system used before. EXT3FS provides much better stability and it is recommended to upgrade FS used on all FortiAnalyzer units. To do this you need to reformat disks or change RAID level which will cause all information to be erased.

Please check the Release Notes document before formatting disks as you will need to restore RVS Engine & Plugins afterwards. Also doing a backup before formatting disks is highly recommended.

Starting from MR4 you can also speed-up the FortiAnalyzer by indexing ext3 file system: this is done by "diagnose sys filesystem fsfix" CLI command. Please note that this command execution will reboot FortiAnalyzer and might take time.

FortiGate-60B Adds More Power and 3G HSDPA/EV-DO Connectivity

After Fortinet officially announced FortiGate-50B and FortiWiFi-50B most of the people were waiting for FG-60 replacement. It is not on the Fortinet's Web-Site yet, but some sites are already showing information regarding upcoming FortiGate-60B and FortiWiFi-60B.

According to non-confirmed information FortiGate-60B provides following advantages over older FG-60:

• More Ports: 6-port switch on Internal interface instead of 4. Also 2xWAN and DMZ ports as on FG-60.
• More Power: Significantly increased CPU/ASIC power: FW Performance 100Mbps, 3DES VPN Performance 64Mbps, AV Performance 20Mbps.
• More Memory: FG-60B have 256MB RAM, you can forget about 80% memory usage right after start-up.
• More Connectivity: FG-60B comes with built-in analog modem (previously available only on separate model FG-60M) and PCMCIA open slot for 3G UMTS/HSDPA/EV-DO card (card is not included). There is no detailed information available on cards/operators supported. FortiWiFi-60B comes with 802.11 a/b/g Access Point built-in.

To summarize: Fortinet delivers a new SOHO/Branch Office device that brings together all UTM Functionality (Firewall, IPSec & SSL VPN, IDS/IDP, Anti-Virus, Anti-Spam) plus gives you 2 WAN connections for regular Internet connections, analog and/or 3G backup connection and WiFi.

FortiGate-60B have the same size and looks as older FortiGate-60.

On 17.07.2007 Fortinet posted an official FortiOS 3.0 MR5 Build 559 for FortiGate-60B and FortiWiFi-60B on their support site.

Using FortiClient? Upgrade to 3.0 MR5 now!

FortiClient 3.0 MR5 finally supports differental updates - it downloads only differences since lsat version. That means that you do not have to download 20MB+ definitions file every day. Delat fies are about 50KB in size.

Also because of this you can enable hourly AV update - this is quite important as new worms are spreading rapidly now and daily updates can leave you unprotected!

In addition you will get few additional nice features:

• Better AV scanning performance
• Automatic scanning of new removable media
• Critical FortiClient patches will be downloaded and installed automatically
• Per-user Web Filtering profiles
• Startup list monitoring on 64-bit Windows
• Config lock-down with a password
• No need to reboot after first installation (you will still have to reboot after upgrading from previous version)
• Windows Server 2008 Beta and Citrix supported

Why wait? Go and upgrade now!

Windows Media Player on Checkpoint UTM-1

This post is not about FortiGate, but about Fortinet competitor - Checkpoint. Newly released UTM-1 appliance can be used not only as a Firewall, but you can also watch video on it. Look how simple is that.



Don't try it with your FortiGate ;)

Memory Optimised Build for FortiGate-50A/60

Finally Fortinet released a memory optimised version of FortiOS 3.0 MR3 for low-end devices (FortiGate-50A, FortiGate-60/60M/60ADSL and FortiWiFi-60/60A/60AM). This build is based om FortiOS 3.0 MR3 Patch 7 (Build 0410).

According to number of people who already deployed this build memory usage drops significantly: from ~80% to ~60%.

Memory Optimised Build 410 is available for download from Tech Support FTP.