Support HTTP policy for flow-based inspection (411666) It is possible to impliment an HTTP-policy in a VDOM that is using the Flow-based inspection mode. Enabling the HTTP-policy causes the traffic to be redirected to WAD so that the traffic can be properly matched and processed.
NGFW mode in the VDOM – NAT & SSL Inspection considerations (407547) Due to how the NGFW Policy mode works, it can get complicated in the two areas of NAT and SSL Deep Inspection. To match an application against a policy, some traffic has to pass through the FortiGate in order to be properly identified. […]
Changes to SSL abbreviate handshake (407544) The SSL handshake process has changed to make troubleshooting easier. In order to better identify which clients have caused SSL errors, the WAD SSL log will use the original source address rather than the source address of packets. l The return value of wad_ssl_set_cipher is checked. The wad_ssl_session_match has […]
Internet service configuration (405518) To make the CLI configuration of Internet service configuration more intuitive, the settings for Internet service in Explicit Web proxy are closer to those in the Firewall police. An Internet service enable switch has been added to the Explicit Web proxy with the same text description as the Firewall policy. CLI: […]
AWS API integration for dynamic firewall address object (400265) Some new settings have been added to the CLI that will support instance information being retrieved directly from the AWS server. The IP address of a newly launched instance can be automatically added to a certain firewall address group if it meets specific requirements. The new […]
Firewall (5.6) New firewall features added to FortiOS 5.6. Optimization of the firewall Service cache (355819) In order to improve the efficiency and performance of the firewall Service cache, the following improvements have been made: The logic behind the structure of the cache has been simplified. Instead of storing ranges of port numbers, we store […]
Firewall (5.6.1) New firewall features added to FortiOS 5.6.1. Improvement to NAT column in Policy List Display (305575) The NAT column in the listing of Policy can provide more information than before. Previously the field for the policy in the column only showed whether NAT was Enabled or Disabled. With the new improvements, not only […]
Explicit web proxy (5.6) New explicit web proxy features added to FortiOS 5.6. Explicit proxy supports multiple incoming ports and port ranges (402775, 398687) Explicit proxy can now be configured to listen on multiple ports on the same IP as well as listen for HTTP and HTTPS on those same (or different) ports. Define the […]