What’s new
What’s new
The following features are new or have changed since FortiDB 5.1. For upgrade information, see the release notes available with the firmware and “Updating the firmware”.
FortiDB 5.1.6
HIPAA compliance reports — In addition to SOX and PCI reports, FortiDB now has pre-defined HIPAA (Health Insurance Portability and Accountability Act) reports to help customers meet regulatory requirements.
See “PCI, SOX, and HIPAA reports”.
SQL string detection in Alert policies — You can now specify a SQL string to detect in a Table and Column DAM alert policy. This is useful for detecting attacks that use SQL injection.
See “Configuring a table and column policy”.
Support for encrypted Oracle traffic for database activity monitoring (DAM) — FortiDB now can monitor encrypted Oracle traffic in sniffer mode.
See “Monitoring encrypted Oracle traffic”.
Exclude policies from vulnerability assessment (VA) scans — You can now exclude policies from VA scans of specific targets. This feature allows you to scan databases with different policy sets without creating new scans for each case.
See “Adding or modifying assessments”.
Sysbase IQ support for VA — FortiDB now supports SybaseIQ for VA. (Penetration test and DAM are not supported.)
See “Adding (or modifying) a target connection”.
Performance enhancement — FortiDB now has an internal alert policy pre-filter that speeds up alert data processing.
FortiDB 5.1.5
Tomcat upgrade — Tomcat (one of FortiDB’s internal components) has been upgraded to eliminate vulnerabilities found in the older version.
Mitigate vulnerability related to Bash (CVE-2014-6271) — FortiDB used Bash to allow access to the shell in its debug builds. It has been replaced to eliminate the CVE-2014-6271 vulnerability.
FortiDB 5.1.4
Support for SQL Server 2014 VA — You can now scan the latest MS SQL server platform for vulnerabilities.
TCP/IP sniffer optimized for better performance and stability — Throughput and performance for the sniffer-based data collection method has been improved.
Enhanced diagnose mode — FortiDB has a new command set that allows you to troubleshoot more efficiently. See “Using the command line interface (CLI)”.
Security enhancements — Enhanced protection for Cross Frame Scripting (XSS), and cache control to prevent data from being saved by the browser.
FortiDB 5.1.3
Internal message queuing mechanism enhancement — The internal message queuing mechanism was upgraded. This improves the stability of data collection in high transaction volume environments.
Support for online context in help — FortiDB now supports online context in Help. This allows more comprehensive searches and more up to date information for end-users.
Support for partitions larger than 2TB in FortiDB 3000D — The large partition size enables more efficient audit data storage in the 3000D appliances.
For information on adjusting the RAID level for the FortiDB 3000D and other models, see “config system raid”.
Email notification enhancement — This enhancement alleviates the problems associated with configuring reports in the notification section of the Monitor setup.
FortiDB 5.1.2
No design changes. Bug fixes only.
FortiDB 5.1.1
Support for FortiDB-1000D appliance — FortiDB-1000D is a stronger, faster platform supporting up to 30 databases that replaces the FortiDB-1000C.
tcpdump — FortiDB now includes tcpdump, a packet analyzer that you access using the command-line interface (CLI). The tcpdump provides a reliable way for FortiDB deployments that use the TCP/IP sniffer to collect traffic data for troubleshooting purposes.
Documentation enhancements
This guide is reorganized to more closely match the structure of other Fortinet documentation products.