Fortinet 17 FortiWeb 5.0 Patch 6 Administration Guide
FortiWeb 5.0 Patch 1
Site publishing— You can now easily publish Microsoft Outlook Web Access (OWA),
SharePoint, Lync and other web applications. FortiWeb streamlines access to the
applications by providing offloaded authentication with optional single sign-on (SSO)
functionality. See Site Publish and “Single sign-on (SSO)” on page 243.
“Alert Only” action for individual signatures — To provide better flexibility, you can now
choose an Alert Only action for individual attack signatures. When configuring a protection
profile, save it, then return to it and click the Advanced Mode button. Select a signature
category from the menu. When individual signatures appear in the pane on the right, click
the signature’s row to select it, then mark the Alert Only check box in the Signature tab. See
“Configuring action overrides or exceptions to data leak & attack detection signatures” on
page 398.
Attack signature filters — In the Advanced mode while configuring attack signatures, in the
bottom of the navigation tree on the left, new categories have been added that display
individual signatures that have been disabled, or whose Alert Only check box is marked.
Previously, the Search item in the tree only enabled you to search for signature IDs. See
“Finding signatures that are disabled or “Alert Only”” on page 401.
Custom global white list objects— You can now add your own URLs, parameters, and
cookies that you don’t want FortiWeb to inspect. Previously, you could only white list
predefined objects. See “Configuring the global object white list” on page 464.
Advanced/combination access control rule enhancement— When configuring HTTP
header conditions for combination access control rules, regular expressions are now
supported. See “Combination access control & rate limiting” on page 325.
Performance enhancements— Memory utilization and other performance enhancements
have been made. For example, the antivirus database now loads into memory only while
antivirus is enabled in a policy.
New geo-to-IP database format supported
FortiWeb 5.0
FortiWeb 3000D, 3000DFsx, and 4000D support — All three models support SSL/TLS
acceleration with CP8 ASIC chips and have bypass/fail-to-wire port pairs. For hardware
details, see your model’s QuickStart Guide and “Fail-to-wire for power loss/reboots” on
page 520. For specifications of maximum supported objects, see “Appendix B: Maximum
configuration values” on page 669.
Password recovery — If you have forgotten the password, but have physical access to your
FortiWeb, you can now reset the password for the admin administrator account. See
“Resetting passwords” on page 656.
Back up all parts of the configuration and data before updating the firmware to FortiWeb 5.0.
Some backup types do not include the full configuration. For full backup instructions, see
“Backups” on page 206.
FortiWeb 5.0 configuration files are not compatible with previous firmware versions. Many
fundamental changes have been made to its configuration file structure. If you later decide to
downgrade to FortiWeb 4.4.7 or earlier, your FortiWeb appliance will lose its configuration.
To restore the configuration, you will need a backup that is compatible with the older
firmware.