Server Load balancing (5.6.1)

New load balancing features added to FortiOS 5.6.1.

Add server load balancing real servers on the Virtual Server GUI page (416709)

In previous versions of the FortiOS GUI, after adding a Virtual Server you would go to Policy & Objects > Real Servers to add real servers and associate each real server with a virtual server.

In FortiOS 5.6.1 you now go to Policy & Objects > Virtual Servers, configure a virtual server and then from the same GUI page add real servers to the virtual server. In addition, on the Virtual Server GUI page the option Outgoing Interface is renamed Interface and the load balancing method Source IP Hash has been renamed

Static.

Server Load balancing

New custom IPS and Application Control Signatures list (280954)

You can now create IPS and Application control custom signatures by going to Security Profiles > Custom Signatures. From here you can create and edit all custom IPS and Application Control signatures.

FortiGate conserve mode changes (242562, 386503)

The following changes were made to rework conserve mode and facilitate its implementation:

• Implemented CLI commands to configure extreme, red, and green memory usage thresholds in percentages of total RAM. Memory used is the criteria for these thresholds, and set at 95% (extreme), 88% (red) and 82% (green).
• Removed structure av_conserve_mode, other changes in kernel to obtain and set memory usage thresholds from the kernel
• Added conserve mode diagnostic command diag hardware sysinfo conserve, which displays information about memory conserve mode.
• Fixed conserve mode logs in the kernel
• Added conserve mode stats to the proxy daemon through command diag sys proxy stats all | grep conserve_mode

Webcache-https and SSL deep inspection profile configuration changes (381101)

In older releases, the CLI blocked the configuration of the SSL deep inspection profile when webcache-https was enabled. This bug is fixed in FortiOS 5.6.0.

Web Filter Quota traffic can no longer be set to 0 (374380)

To fix a bug in older major release, the CLI has been changed so that minimum traffic quota does not allow 0 as an entry. The value entered must be in the range of 1 – 4,294,967,295; if 0 is entered, then an error message will be returned.

CLI Commands:

config webfilter profile edit default config ftgd-wf config quota edit 1 set type traffic set value {a number in the range of 1 – 4,294,967,295}

Web Filter profile page GUI updates (309012)

The GUI for the Web Filter security profile and Web Profile Overrides pages are changed.

Web Filter profile page

• removed multilist for override user group and profile l replaced FortiGuard categories actions icons with font icons
• added tooltip for Allow users to override blocked categories to explain the policy group dependency Web Profile Overrides page
• removed multilist of user, user group, original profile, new profile l duplicate profile for new profile (for bug #284239)

DLP sensor GUI changes (307225)

The DLP sensor for file size has been corrected to indicate that the file size has to be greater than the number of KB entered. Previously, the GUI incorrectly showed that the files size could be greater than or equal to the number of KB entered.

Enhancements to IPS Signatures page (285543)

The IPS signatures list page now shows which IPS package is currently deployed. Users can also change their IPS package by linking directly to the FortiGate’s System > FortiGuard page from the IPS Signatures list page.