Security Profiles (5.6)
New security profile features added to FortiOS 5.6.
New FortiGuard Web Filter categories (407574)
New categories added to FortiGuard Web Filter sub-categories:
- Under Security Risk:
- Newly Observed Domain (5.90) l Newly Registered Domain (5.91)
- Under General Interest – Business l Charitable Organizations (7.92) l Remote Access (7.93) l Web Analytics (7.94) l Online Meeting (7.95)
Newly observed domain (NOD) applies to URLs whose domain name is not rated and were observed for the first time in the past 30 minutes.
Newly registered domain (NRD) applies to URLs whose domain name was registered in the previous 10 days.
Overall improvement to SSL inspection performance (405224)
The enabling / disabling of proxy cipher / kxp hardware acceleration in CP8/CP9 required restarting of the WAD daemon for the change to take effect; this bug has been repaired.
New CLI commands
The FortiGate will use the ssl-queue-threshold command to determine the maximum queue size of the CP SSL queue. In other words, if the SSL encryption/decryption task queue size is larger than the threshold, the FortiGate will switch to use CPU rather than CP. If less, it will employ CP.
config firewall ssl setting set ssl-queue-threshold <integer>
The integer represents the maximum length of the CP SSL queue. Once the queue is full, the proxy switches cipher functions to the main CPU. The range is 0 – 512 and the default is 32.
FortiClient Endpoint license updates (401721)
FortiClient endpoint licenses for FortiOS 5.6.0 can be purchased in multiples of 100. There is a maximum client limit based on the FortiGate’s model. FortiCare enforces the maximum limits when the customer is applying the license to a model.
|Model(s)||Maximum Client Limit|
|FGT/FWF 30 to 90 series||200|
|FGT 100 to 400 series||600|
|FGT 500 to 900 series, VM01, VM02||2,000|
|FGT 1000 to 2900 series, VM04||50,000|
|FGT 3700D and above, VM08 and above||100,000|
Older FortiClient SKUs will still be valid and can be applied to FortiOS 5.4 and 5.6.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!