What's New in previous versions of FortiOS 5.6
This chapter briefly highlights some of the higher profile new FortiOS 5.6 features, some of which have been enhanced for FortiOS 5.6.1 and FortiOS 5.6.3.
FortiGate VM enhancements for AWS, Azure, Google, SDN connectors and more
The realm of virtual computing has become mainstream and not only does this mean that security appliances can also be virtual, there is also a requirement for security appliances in a virtual environment. These environments can be the publicly available platforms such as Amazon Web Services, Azure and Google Cloud Platform or they can be Software Defined Networks (SDN) such as those made by Cisco, HP, Nuage and OpenStack. For that reason, not only is the number of Virtual FortiOS variations growing along with what they can do, a number of the new features being introduced deal with integrating FortiOS into these environments. See FortiGate VM enhancements for AWS, Azure, Google, SDN connectors and more (5.6.3).
Fortinet Security Fabric enhancements
Security Fabric features and functionality continue to evolve. New features include improved performance and integration, a security audit function that finds possible problems with your network and recommends solutions, security fabric dashboard widgets, improved device detection, and the remote login to other FortiGates on the fabric. See New Fortinet Security Fabric features.
Security Fabric Audit
The Security Fabric Audit allows you to analyze your Security Fabric deployment to identify potential vulnerabilities and highlight best practices that could be used to improve your network’s overall security and performance. See Security Fabric Audit and Fabric Score.
The Dashboard has been enhanced to show more information with greater flexibility and more functionality. See New Dashboard Features for details.
NGFW Policy Mode
You can operate your FortiGate in NGFW policy mode to simplify applying Application control and Web Filtering to firewall traffic. See NGFW Policy Mode (397035).
Flow-based inspection with profile-based NGFW mode is the default inspection mode in FortiOS 5.6.
Transparent web proxy
In addition to the Explicit Web Proxy, FortiOS now supports a Transparent web proxy. You can use the transparent proxy to apply web authentication to HTTP traffic accepted by a firewall policy. See Transparent web proxy (386474).
Controlled failover between wireless controllers
Administrators can now define the role of the primary and secondary controllers on the FortiAP unit, allowing the unit to decide the order in which the FortiAP selects a FortiGate unit and how the FortiAP unit fails over to a backup FortiGate unit if the primary FortiGate Fails. See Controlled failover between wireless controllers.
FortiView Endpoint Vulnerability chart
A new FortiView chart that tracks vulnerability events detected by the FortiClients running on all devices registered with the FortiGate. See New FortiView Endpoint Vulnerability Scanner chart (378647).
FortiClient Profile changes
FortiClient profiles have been re-organized and now use the FortiGate to warn or quarantine endpoints that are not compliant with a FortiClient profile. See FortiClient Profile changes (386267, 375049).
Adding Internet services to firewall policies
Internet service objects can be added to firewall policies instead of destination addresses and services. See Adding Internet services to firewall policies (389951).
Source and destination NAT in a single Firewall policy
Extensions to VIPs support more NAT options and other enhancements. See Combining source and destination NAT in the same policy (388718).
- Application Control is now standard with FortiCare support
- Real time logging to FortiAnalyzer and FortiCloud
- Multiple PSK for WPA Personal (393320)
- VXLAN support (289354)
- NP6 Host Protection Engine (HPE) adds protection for DDoS attacks (363398)
- FortiGate Logs can be sent to syslog servers in Common Event Format (CEF) (300128)
- New PPPoE features