Pros & Cons on FortiOS 5.0


fortios5

This is just appraisal based on my experience not an officially mention by Fortinet, Fortinet has improve their OS with many feature besides some of their features that were reduced on FortiOS 5.0

PROS:
1. New console-interface with more contents and feature. And also more IPS signature and Antivirus database updates.

fg12
2. Add new features which I think some of them were great improvement on FortiOS 5.0 such as:
– Endpoint client control used for “BYOD”, which can control and monitoring endpoint device with firewall policies and antivirus using FortiClient

fg1 fg2
– Client reputation feature, gathering information from your network clients by tracking client behaviour and giving report on the activities that can determine are risky and detect spesific attacks

fg3 fg4
– Improve on Users/Devices authentication

fg5
– Improved CLI syntax with multi value fields
– Virtual Hardware Switch
– FortiExplorer for iOS

fg7
– ICAP (Internet Content Adaptation Protocol) and explicit web proxy with web proxy debugging

fg``
– FortiOS web caching now caches Windows/MS-Office software updates
– New HA mode: Fortinet redundant UTM protocol (FRUP)
– New SSL VPN Improvements: SSL VPN user groups no longer required, Support SSL VPN push configuration of DNS suffix.
– FortiAP local bridging (Private Cloud-Managed AP). Which can provide WIFI access to a LAN even when the wireless controller is located remotely, WIFI Single Sign ON (SSO), Wireless client load balancing, and Bring your FortiGate box as WIFI controller.

fg17

3. Add new UTM features
– Improved list editing on security policy
– New Advanced Persistent Threat features including botnet protection, phising protection, and zero-day threat protection using FortiGuard Analytics for sandboxing

fg16
– Inspecting SIP over SSL/TLS (secure SIP)

fg13
– SSL Inspection was improved
– Adding new DoS anomaly protection
– New Sniffer mode: one-armed and normal

fg8
– New FortiGuard web filtering lookups: DNS-based Web Filtering which uses less CPU time, system memory, and network bandwidth than proxy or flow-based mode that can resulting in better performance

fg14
– FortiGuard auto-config using DHCP
– New Firewall Policy: Policy-based IPSec VPN security policy, Local-in policies, Packet capture by security policy, Multicast Policy
– UTM VOIP profiles

4. Log viewer and reporting improvements
– Fortigate UTM security analysis report

fg9
– FortiCloud integrated. Provide central logging and reporting on FortiCloud portal

FG10

5. IPv6 support improvements
– New features on IPv6: IPv6 Policy Route, IPv6 explicit web proxy, IPv6 NAT (NAT64, DNS64, and NAT66), DHCPv6 relay.
– New FortiGate IPv6 MIB fields

Cons:
1. Some features was removed or replaced such as traditional DoS Policy, Syslog-server log and reporting feature,etc
2. Sometime show up HTTP error when click on console menus, may be this is bugs on FortiOS 5.0 hope that Fortinet fix this issue on the next patch
3. More features on configuration was hide and must activate using CLI such as log and reporting

4. Still explore…..😀

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: