Monday, April 27, 2009

What's new in FortiOS 4.0

Fortigate just announced their new FortiOS 4.0. Some of the features seem very promising.

Fortigate 60 firewall

The first thing I notice is that not all devices can run FortiOS 4.0. If you have an old firewall (probably FG60) you need to upgrade the hardware before you upgrade the software. This basically means that you will have to buy a new firewall.

There are also some new features that will require an upgrade of the firewall - and a hard drive.

Here is the good news:

  • In source and destination interface and zone you now have an "any" policy. Using this policy your rule can apply to all your interfaces or zones.
  • DoS rules are added outside of the IPS engine.
  • Traffic shaping policy is now moved outside of the firewall policy. This is good as you now can apply a max for all traffic (sessions) on a shaper, like limiting SMTP to only use a maximum of 200kB. In previous versions the shaper shaped down to 200kB per session.
  • HTTP proxy. Probably useless if you do not have a hard drive on your firewall.
  • The virtual servers concept is improved. Better check of available servers and limiting of concurrent sessions.
  • The SSL VPN is improved, with customized portals.
  • WAN optimization. This is only for a few firewalls. But when it works it competes with Riverbed (read about my review here).
  • Data leak prevention. These are statically configured rules that block [IM, HTTP, FTP, NNTP] traffic if the traffic matches something static.
  • Application control. I have still not found its purpose...
  • Extended AV database. It is probably better than the normal AV database...
  • On the protection profile you can now add more ports for a given protocol. Data leak prevention policies are also configured here.

And the bad news:

  • PPTP VPN is removed.
  • Dynamic routing for IPv6 is still not implemented. (At least in the GUI.)
  • Some VPN monitoring tools have moved. You will have to learn again where to find them. Hint: User\Monitor from the context menu.


1 Comments:

At 10:40, Blogger Remo said...

I'm a Fortigate user. Nice to meet you and your blog.

 
