Fortinet 16 FortiWeb 5.0 Patch 6 Administration Guide
What’s newThe list below contains features new or changed since FortiWeb 5.0. For upgrade information,
see the Release Notes available with the firmware and “Updating the firmware” on page 77.
FortiWeb 5.0 Patch 6
• No new features. Bug fixes only.
FortiWeb 5.0 Patch 5
•RADIUS vendor-specific attributes for access profiles — If your administrator accounts
authenticate via a RADIUS query, you can assign their access profile using RFC 2548
Microsoft Vendor-specific RADIUS Attributes. See Access Profile in “Administrators” on
page 212 and “Configuring RADIUS queries” on page 233.
FortiWeb 5.0 Patch 4
•Bulk edits for parameter validation rules — Rather than individually editing each rule, you
can now replace the Action, Trigger Policy, and/or Severity of multiple rules simultaneously.
See “Bulk changes to input validation rules” on page 428.
•Namibian time zone support — System time and date settings now support the Namibian
time zone. See “Setting the system time & date” on page 91.
FortiWeb 5.0 Patch 3
• No new features. Bug fixes only.
FortiWeb 5.0 Patch 2
•Hidden fields protection for HTTPS — You can now use the Fetch URL dialog in the GUI to
help you tamper-proof hidden inputs in HTTPS requests. See “Preventing tampering with
hidden inputs” on page 430.
•Indicating original service to back-end servers— When offloading SSL/TLS, you can now
use an HTTP X-header to indicate to back-end web servers that the original client’s request
was, in fact, encrypted. See “Indicating to back-end web servers that the client’s request
was HTTPS” on page 269.
•More Microsoft file types for file upload restrictions — There are now signatures
specifically for Microsoft Office Open XML file types such as .docx. See “Limiting file
uploads” on page 451.
•Per CPU SNMP queries— You can now monitor the usage of each CPU in multi-CPU
appliances. See “MIB support” on page 586.
•NMI and COMlog support — FortiWeb 3000D, 3000DFsx, and 4000D models that have
NMI buttons now have firmware support. This can be useful for carriers that require
extensive debugging capabilities. See your model’s QuickStart Guide and the FortiWeb NMI
& COMlog Technical Note.
•RAM-only traffic log support — To reduce wear and tear on your hard disks when you
require traffic logs, you can now disable hard disk storage of traffic logs and use RAM only.
See the FortiWeb CLI Reference.