Security Profiles (5.6)

New security profile features added to FortiOS 5.6.

New FortiGuard Web Filter categories (407574)

New categories added to FortiGuard Web Filter sub-categories:

• Under Security Risk:
• Newly Observed Domain (5.90) l Newly Registered Domain (5.91)
• Under General Interest – Business l Charitable Organizations (7.92) l Remote Access (7.93) l Web Analytics (7.94) l Online Meeting (7.95)

Newly observed domain (NOD) applies to URLs whose domain name is not rated and were observed for the first time in the past 30 minutes.

Newly registered domain (NRD) applies to URLs whose domain name was registered in the previous 10 days.

Overall improvement to SSL inspection performance (405224)

The enabling / disabling of proxy cipher / kxp hardware acceleration in CP8/CP9 required restarting of the WAD daemon for the change to take effect; this bug has been repaired.

New CLI commands

The FortiGate will use the ssl-queue-threshold command to determine the maximum queue size of the CP SSL queue. In other words, if the SSL encryption/decryption task queue size is larger than the threshold, the FortiGate will switch to use CPU rather than CP. If less, it will employ CP.

config firewall ssl setting set ssl-queue-threshold <integer>

end

The integer represents the maximum length of the CP SSL queue. Once the queue is full, the proxy switches cipher functions to the main CPU. The range is 0 – 512 and the default is 32.

FortiClient Endpoint license updates (401721)

FortiClient endpoint licenses for FortiOS 5.6.0 can be purchased in multiples of 100. There is a maximum client limit based on the FortiGate’s model. FortiCare enforces the maximum limits when the customer is applying the license to a model.

If you are using the ten free licenses for FortiClient, support is provided on the Fortinet Forum (forum.fortinet.com). Phone support is only available for paid licenses.

Older FortiClient SKUs will still be valid and can be applied to FortiOS 5.4 and 5.6.