Web filter
This section describes FortiGate web filtering for HTTP traffic. The three main parts of the web filtering function, the Web Content Filter, the URL Filter, and the FortiGuard Web Filtering Service, interact with each other to provide maximum control over what the Internet user can view as well as protection to your network […]
Custom Application & IPS Signatures
Creating a custom IPS signature
The FortiGate predefined signatures cover common attacks. If you use an unusual or specialized application or an uncommon platform, add custom signatures based on the security alerts released by the application and platform vendors. You can add or edit custom signatures using the web-based manager […]
In case you guys haven’t heard the news yet, Fortinet has released the FortiGate 6040E. This is a pretty handy firewall that helps enterprise organizations achieve the level of UTM/NGFW functionality they need without having to spend obscene amounts of money on capable hardware. This device is substantially stronger, has modified management capabilities and can […]
FGSP now supports synchronizing IPsec sessions
The FGSP now synchronizes IPsec tunnels between FortiGates in an FGSP configuration. IPsec tunnel synchronization synchronizes keys and other run time data between the FortiGates in an FGSP configuration. No additional configuration is required to synchronize IPsec sessions. Also, you cannot disable IPsec session synchronization.
FGSP CLI command name changed
The FortiOS 5.2 command config system session-sync has been changed in FortiOS 5.4 to config system cluster-sync. Otherwise the command syntax is the same and the config system ha commands used for FGSP settings have not changed.
HA heartbeat traffic set to the same priority level as data traffic
Local out traffic, including HA heartbeat traffic, is now set to high priority to make sure it is processed at the same priority level as data traffic. This change has been made because HA heartbeat traffic can be processed by NP6 processors that […]
Firewall local-in policies are supported for the dedicated HA management interface
To add local-in policies for the dedicated management interface, enable ha-mgmt-intf-only and set intf to any. Enabling ha-mgmt-intf-only means the local-in policy applies only to the VDOM that contains the dedicated HA management interface.
config firewall local-in-policy
    edit 0
        set ha-mgmt-intf-only enable
        set […]
If you were one of those people, like me, who would have application control sessions blocked after a failover on HA, then 5.4 may be beneficial for you! See below!
VoIP application control sessions are no longer blocked after an HA failover (273544)
After an HA failover, VoIP sessions that are being scanned by application […]