Fortinet 19 FortiWeb 5.0 Patch 6 Administration Guide
• X-Forwarded-For
• Shared IP
• Policy bypasses for known search engines
• Geo IP
• DoS Protection
• IP Reputation
• URL Rewriting (also redirection)
• HTTP Authentication and LDAP, RADIUS, and NTLM profiles
• Data Analytics
• Log-based reports
• Alert email
• Syslog and FortiAnalyzer IP addresses
• NTP
• FTP immediate/scheduled
• OCSP/SCEP
• Anti-defacement
• HA/Configuration sync
• exec restore
• exec backup
• exec traceroute
• exec telnet
Challenge action for application-level anti-DoS — Rather than simply blocking all clients
that exceed your rate limit or trigger other DoS sensors, you can now choose to test the
client first — to return a web page that uses a script to assess whether the client is a web
browser or an automated tool favored by attackers. In this way, you can allow higher rate
limits for people than for automated tools. See “Limiting the total HTTP request rate from an IP”
on page 339 and “Preventing an HTTP request flood” on page 347.
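The following is an added illustration of the challenge-before-block idea described above; it is not FortiWeb code and says nothing about how FortiWeb implements its challenge. Clients under a low anonymous rate limit are served normally, clients above it are sent a page whose script sets a signed cookie and reloads, and only clients carrying a valid cookie get the higher rate limit. The limits, window, cookie name, token format and secret are all constructed for the example.

```python
"""Illustrative challenge-before-block rate limiter (added example, not FortiWeb code).

Clients that exceed a low anonymous rate limit are served a JavaScript challenge
instead of being blocked outright. A browser runs the script, stores the signed
token in a cookie and retries; a simple flood tool that does not execute scripts
keeps receiving the cheap challenge page and, if it keeps hammering, is blocked.
Limits, window, cookie name, token format and secret are assumptions.
"""
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"example-secret-rotate-me"  # constructed; a real deployment uses a random, rotated key
ANON_LIMIT = 5        # requests per window before a client must pass the challenge
VERIFIED_LIMIT = 50   # requests per window for clients that passed it
WINDOW = 10.0         # seconds
TOKEN_TTL = 600       # seconds a solved challenge stays valid

CHALLENGE_PAGE = """<html><body><script>
// Constructed example: a browser executes this, sets the cookie and reloads.
// A flood tool that never runs JavaScript never obtains the cookie. (A tool that
// parses the page could copy the token, which is why real products obfuscate or
// compute it in script; that refinement is left out here.)
document.cookie = "waf_challenge=%s; path=/";
location.reload();
</script></body></html>"""


def _sign(ip, issued):
    # MAC over the client IP and issue time, so a token cannot be shared between IPs
    return hmac.new(SECRET, f"{ip}|{issued}".encode(), hashlib.sha256).hexdigest()


def make_challenge_token(ip, now):
    """Token the challenge script stores in a cookie: issue time plus MAC bound to the IP."""
    issued = int(now)
    return f"{issued}:{_sign(ip, issued)}"


def token_is_valid(ip, token, now):
    """Accept only tokens we signed for this IP that have not expired."""
    if not token or ":" not in token:
        return False
    issued_s, mac = token.split(":", 1)
    if not issued_s.isdigit():
        return False
    issued = int(issued_s)
    if now - issued > TOKEN_TTL or issued > now + 5:
        return False
    return hmac.compare_digest(mac, _sign(ip, issued))


class ChallengeRateLimiter:
    """Sliding-window counter per source IP with a challenge tier between allow and block."""

    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> request timestamps inside WINDOW

    def _count(self, ip, now):
        q = self.hits[ip]
        while q and now - q[0] > WINDOW:
            q.popleft()
        q.append(now)
        return len(q)

    def handle(self, ip, cookie_token, now=None):
        """Return (action, body): action is 'allow', 'challenge' or 'block'."""
        now = time.time() if now is None else now
        n = self._count(ip, now)
        if token_is_valid(ip, cookie_token, now):
            # Verified browser: higher limit, blocked only beyond it
            return ("allow", None) if n <= VERIFIED_LIMIT else ("block", None)
        if n > VERIFIED_LIMIT:
            return ("block", None)       # unverified client flooding even the challenge page
        if n <= ANON_LIMIT:
            return ("allow", None)
        # Over the anonymous limit: test the client rather than blocking it outright
        return ("challenge", CHALLENGE_PAGE % make_challenge_token(ip, now))
```

In use, the cookie value from the request is passed as `cookie_token`; the `now` parameter exists so the window can be driven deterministically in tests.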
Search engine access improved — You can now allow known search engines such as
Google, Yahoo!, Baidu and Bing to be exempt from DoS sensors, brute force login sensors,
HTTP protocol constraints, and combination rate & access control (called “advanced
protection” and “custom policies” in the web UI). See Allow Known Search Engines in
“Configuring a protection profile for inline topologies” on page 468 or “Configuring a
protection profile for an out-of-band topology or asynchronous mode of operation” on
page 477.
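An exemption for "known search engines" is only as strong as the way a crawler is recognized. The following added example (not FortiWeb code, and not a description of how FortiWeb identifies crawlers) grants the exemption only after the client IP reverse-resolves to a hostname under the crawler's published domain and that hostname resolves forward to the same IP, which is the verification procedure the major search engines document for their crawlers. The hostname suffixes, IP addresses and DNS answers are constructed, and the resolver is injectable so the check runs offline.

```python
"""Added example (not FortiWeb code): apply a known-search-engine exemption only
after forward-confirmed reverse DNS verification of the crawler's source IP.

A User-Agent header is trivially forged, so the exemption is granted only when
(1) the IP's PTR record lies under the crawler's documented domain and
(2) that hostname resolves forward to the same IP.
Suffixes and the sample DNS data are constructed for the example.
"""
import socket

# Constructed allow-list: user-agent marker -> hostname suffixes the crawler uses.
# Real suffixes must be taken from each search engine's own documentation.
KNOWN_CRAWLERS = {
    "Googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}


def system_resolver(ip=None, host=None):
    """Thin wrapper over the OS resolver: reverse lookup for ip, forward lookup for host."""
    if ip is not None:
        return socket.gethostbyaddr(ip)[0]
    return socket.gethostbyname_ex(host)[2]


def is_verified_crawler(client_ip, user_agent, resolver=system_resolver):
    """True only for a client that both claims a known crawler and proves it via DNS."""
    suffixes = next((s for name, s in KNOWN_CRAWLERS.items() if name in user_agent), None)
    if suffixes is None:
        return False                       # does not even claim to be a known crawler
    try:
        host = resolver(ip=client_ip)      # reverse DNS (PTR)
    except OSError:
        return False
    if not host.lower().endswith(suffixes):
        return False                       # hostname outside the crawler's domain
    try:
        forward_ips = resolver(host=host)  # forward-confirm; defeats a spoofed PTR record
    except OSError:
        return False
    return client_ip in forward_ips


def rate_limit_for(client_ip, user_agent, resolver=system_resolver, base_limit=20):
    """Verified crawlers are exempt (None = no limit); everyone else keeps base_limit."""
    return None if is_verified_crawler(client_ip, user_agent, resolver) else base_limit
```

Because DNS lookups are slow, a production implementation would cache verification results per IP for some minutes; the example keeps that out for clarity.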
Robot control simplified — Control of known malicious automated tools has been
simplified, and custom robot definitions removed. See Bad Robot in “Blocking known
attacks & data leaks” on page 387.
Robot monitoring report — To monitor search engines that may be abusing access, you
can monitor throughput and transactions per second for each crawler from your GUI’s
reports area. See “Bot analysis” on page 605.
Dynamic rate threshold in Real Time Monitor widget — The Policy Summary widget has
been renamed, and now scales its graph dynamically to best show you differences based
upon your normal levels of traffic. See “Real Time Monitor widget” on page 537.
HTTP status code customization — To prevent WAF fingerprinting that can be a precursor
for evasive APT attackers, you can now modify the return codes such as 200 OK that