Fortinet 5.0 Patch 6

Fortinet 17 FortiWeb 5.0 Patch 6 Administration Guide

FortiWeb 5.0 Patch 1

•Site publishing— You can now easily publish Microsoft Outlook Web Access (OWA),

SharePoint, Lync and other web applications. FortiWeb streamlines access to the

applications by providing offloaded authentication with optional single sign-on (SSO)

functionality. See Site Publish and “Single sign-on (SSO)” on page 243.

•“Alert Only” action for individual signatures — To provide better flexibility, you can now

choose an Alert Only action for individual attack signatures. When configuring a protection

profile, save it, then return to it and click the Advanced Mode button. Select a signature

category from the menu. When individual signatures appear in the pane on the right, click

the signature’s row to select it, then mark the Alert Only check box in the Signature tab. See

“Configuring action overrides or exceptions to data leak & attack detection signatures” on

page 398.

•Attack signature filters — In the Advanced mode while configuring attack signatures, in the

bottom of the navigation tree on the left, new categories have been added that display

individual signatures that have been disabled, or whose Alert Only check box is marked.

Previously, the Search item in the tree only enabled you to search for signature IDs. See

“Finding signatures that are disabled or “Alert Only”” on page 401.

•Custom global white list objects— You can now add your own URLs, parameters, and

cookies that you don’t want FortiWeb to inspect. Previously, you could only white list

predefined objects. See “Configuring the global object white list” on page 464.

•Advanced/combination access control rule enhancement— When configuring HTTP

header conditions for combination access control rules, regular expressions are now

supported. See “Combination access control & rate limiting” on page 325.

•Performance enhancements— Memory utilization and other performance enhancements

have been made. For example, the antivirus database now loads into memory only while

antivirus is enabled in a policy.

•New geo-to-IP database format supported

FortiWeb 5.0

•FortiWeb 3000D, 3000DFsx, and 4000D support — All three models support SSL/TLS

acceleration with CP8 ASIC chips and have bypass/fail-to-wire port pairs. For hardware

details, see your model’s QuickStart Guide and “Fail-to-wire for power loss/reboots” on

page 520. For specifications of maximum supported objects, see “Appendix B: Maximum

configuration values” on page 669.

•Password recovery — If you have forgotten the password, but have physical access to your

FortiWeb, you can now reset the password for the admin administrator account. See

“Resetting passwords” on page 656.

Back up all parts of the configuration and data before updating the firmware to FortiWeb 5.0.

Some backup types do not include the full configuration. For full backup instructions, see

“Backups” on page 206.

FortiWeb 5.0 configuration files are not compatible with previous firmware versions. Many

fundamental changes have been made to its configuration file structure. If you later decide to

downgrade to FortiWeb 4.4.7 or earlier, your FortiWeb appliance will lose its configuration.

To restore the configuration, you will need a backup that is compatible with the older

firmware.