Top 3 FortiOS 5.4 Enhancements

March 17, 2016 | Fortinet, Networks, Security

Your network’s security is an increasingly complex and moving target. However, the line of solutions Fortinet offers provides the most sophisticated yet easy-to-use network security functions on the market today.

Fortinet recently updated to FortiOS 5.4, and it’s got a whole host of enhancements and new features we’re excited about. Here are three of them:

PCI Compliance Checks

FortiOS 5.4 adds a new option to run compliance checks for your FortiGate against the current PCI standards. This is a huge boon for anyone who has to conform to this compliance standard because it can make routine checks effortless. You can run it on demand, or schedule it to run hourly, daily, weekly … however you want. You can configure it to send a full report or to throw alerts when something is out of compliance.

For example, if a password has not been changed within 90 days (a PCIv3 requirement) or does not meet the compliance standards of complexity, your FortiGate will catch that on its next scan.

It scans for a wide range of things, including administrator password compliance (expiration and complexity), that logs are being saved on a remote server, and that audit trails include date, time and user identification, among many other variables.

[Image: PCI compliance]

Incident Response

Fortinet has taken an ecosystem of some of its features and enhanced and automated them to create quick, smart incident response. By allowing the FortiSandbox, FortiGate and FortiClient to work more closely together, threats can be mitigated much more efficiently.

For example, if a 0-day exploit gets into the network and your FortiGate is configured to send suspect files to the FortiSandbox, the sandbox will analyze the file. If the sandbox deems it malicious, it generates a new signature that is then sent to the FortiGate and immediately applied so that no more attacks of the same exploit type can get through. The FortiSandbox is extremely efficient in accomplishing this, sometimes in less than five minutes’ time. Additionally, assuming proper configuration, the FortiGate will send an alert to the incident response team/administrator notifying them that a new threat is detected, that a new signature was created in response, and which device was compromised.

Systems that include FortiClient can then quarantine the compromised device with a one-click action from the FortiView pane, as seen below:

[Image: quarantine forticlient]

Better Visibility

FortiView now offers a bubble chart view for traffic data. It’s an easy representation of the traffic on your network.

[Image: bubble view]

You can also see on a map representation what countries your traffic is going to, which is a quick way for you to identify if you’ve got traffic going from your network to a suspicious area. You can even drill down to a report showing the sources and destinations, the applications used, what got blocked by the firewall, and even bandwidth used.

[Image: traffic to country view]

FortiView offers a variety of different types of data to view and different ways to visualize that data. If you’re upgrading to FortiOS 5.4, take some time to poke around under FortiView and see what’s there. There is a wealth of information in very easy-to-digest representations.

FortiOS 5.4 has a lot more to offer. If you want a full writeup, check out Fortinet’s announcement.

Do you have questions about upgrading to FortiOS 5.4 or about the Fortinet ecosystem? Send us an email or give us a call at 502-240-0404!