FortiOSTM 4.0 Software
FortiOS 4.0 Software
FortiOS 4.0 Software—Redefining Network Security
FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate multi-threat
security platforms. FortiOS software enables high performance multi-threat security by leveraging the hardware acceleration
provided by FortiASIC™ content and network processors. This combination of custom hardware and software gives you the
best security and performance possible from a single device. FortiOS helps you stop the latest, most sophisticated, and
dynamic threats facing your network today with expert threat intelligence delivered via FortiGuard® Security Subscription
FortiOS 4.0 software redefines network security by extending the scope of integrated security and networking capabilities
within the FortiGate multi-threat security platform. Regardless of the size of your organization, you can benefit from the
most comprehensive suite of security and networking services within a single device on the market today. FortiOS 4.0
software includes a wide range of features that increase your security while reducing your operating and capital costs.
FortiGate platforms combine enterprise-class firewall, IPSec VPN, SSL-VPN, intrusion prevention, antivirus, web filtering,
antispam, and Layer 2/3 routing services. The latest release also adds Data Loss Prevention (DLP), WAN optimization,
application control, SSL-encrypted traffic inspection, endpoint Network Access Control (NAC), enhanced VoIP Security,
and Vulnerability Management capabilities. FortiOS 4.0 software delivers on its mission to enable secure business
communications while offering the best performance and lowest cost of ownership.
Enhanced Security
Fortinet designed FortiOS 4.0 security services from
the ground up to deliver integrated performance and
effectiveness that standalone products simply cannot
match. The services work together as a system, acting in
tandem to provide you with better visibility and the ability to
stop threats against your network and applications as early
as possible, before damage can occur.
Improved Value
FortiOS 4.0 software provides you with access to security
services that you may have considered cost-prohibitive
or overly complex to deploy individually. Moreover, the
new features of FortiOS 4.0 software are available at no
additional cost for every eligible FortiGate device with an
active maintenance contract.
Simplified Management
FortiOS 4.0 software consolidates your security infrastructure
and simplifies your management requirements, lowering
your costs and reducing the workload of your IT staff. It
dramatically reduces the complexity of deploying defensein-depth compared with stand-alone products. You have
the flexibility of a unified policy at the device level and an
appliance-based centralized management platform for
large deployments. Fortinet even offers a service-based
management solution for smaller organizations to further
simplify security management, fully integrated with FortiOS
4.0 software.
“Changing business processes and threats are driving
new requirements for network security. Increasing
bandwidth and new application communication (such
as Web 2.0) are changing how protocols are used and
how data is presented. Software as a service is moving
critical data off-site, and an increasing reliance on
critical IT is pushing security in new directions.”
Greg Young and John Pescatore, Gartner, Magic Quadrant for Enterprise Firewalls, November 2008.
FortiOS 4.0 Software—Raising The Bar
Fortinet continues to increase the breadth and depth of security and networking services included in the FortiOS purposebuilt operating system. By adding new functionality and enhancing the performance of existing services, FortiOS software
continues to demonstrate why it remains the gold standard for multi-threat security. In the past, the only way organizations
could deploy these technologies was by adding more stand-alone products, which also increased deployment, configuration,
and management costs.
FortiOS gives you the choice of up to four options for protection from malware. In addition to
three proxy-based antivirus databases, FortiOS also now includes a high-performance flowbased antivirus option. The new flow-based option scans files as they pass through the device,
allowing you to scan files of any size and still maintain the highest levels of performance. By
providing you the flexibility to choose your antivirus engine, you can balance your performance
and security requirements for your environment.
Data Loss Prevention (DLP)
It is imperative for you to control the vast amount of confidential, regulated, and proprietary data
traversing your network, and keep it within defined network boundaries. Working across multiple
applications (including those encrypting their communications), DLP uses a sophisticated patternmatching engine to identify and then prevent the communication of sensitive information outside
the network perimeter. In addition to protecting your organization’s critical information, DLP also
provides audit trails for data and files to aid in policy compliance. You can use the wide range of
configurable actions to log, block, and archive data, as well as ban or quarantine users.
WAN Optimization
With WAN Optimization, you can accelerate applications over your wide area links while ensuring
multi-threat security enforcement. FortiOS 4.0 software not only eliminates unnecessary and
malicious traffic as one of its core capabilities, it also optimizes legitimate traffic by reducing the
amount of communication and data transmitted between applications and servers across the
WAN. This results in improved performance of applications and network services, as well as
helping to avoid additional higher-bandwidth provisioning requirements.
Application Control
Application control enables you to define and enforce policies for thousands of applications
running on your endpoints , rega rdles s of the port or the protoc ol us ed for c ommunic a tion.
Application classification and control is essential to manage the explosion of new web-based
applications bombarding networks today, as most application traffic looks like normal web traffic
to traditional firewalls. Fortinet’s application control technology identifies application traffic and
then applies security policies easily defined by the administrator. The end result is more flexible
and granular policy control, with deeper visibility into your network traffic.
SSL-Encrypted Traffic Inspection protects clients and web and application servers from malicious
SSL-encrypted traffic, to which most security devices are often blind. SSL Inspection intercepts
encrypted traffic and inspects it for threats, prior to routing it to its final destination. SSL Inspection
applies to both client-oriented SSL traffic (such as users connecting to an SSL-encrypted hosted
CRM site) and inbound traffic destined an organization’s own web and application servers. You
now have the ability to enforce appropriate use policies on inappropriate encrypted web content,
and protect servers from encrypted intrusion attempts and other encrypted attacks.
Endpoint Network Access Control (NAC)
Endpoint NAC enforces the use of the FortiClient Endpoint Security application (either Standard
or Premium editions) on your network. It verifies the installation of the most recent version of the
FortiClient application, up-to-date antivirus signatures, and enabled firewall before allowing the
traffic from that endpoint to pass through the FortiGate platform. You also have the option to
quarantine endpoints running applications that violate policies and require remediation.
FortiOS Security Services
NAT, PAT, Transparent (Bridge)
Policy-Based NAT
VLAN Tagging (802.1Q)
User Group-Based Authentication & Scheduling
SIP/H.323 /SCCP NAT Traversal
WINS Support
Explicit Proxy Support (incl. Citrix/TS Support)
VoIP Security (SIP Firewall / RTP Pinholing)
IPv6 Support (NAT / Transparent mode)
Identity/Application-Based Policy
Includes Antispyware and Worm Prevention
Protection From Over 3000 Threats
Protocol Anomaly Support
Custom Signature Support
Major IM Protocols Automatic Attack Database Update
Flow-Based Antivirus Scanning Mode
IPv6 Support
Automatic “Push” Content Updates
File Quarantine Support
IPv6 Support
Databases: Standard, Extended, Extreme, and Flow Built-in Pattern Database
RegEx-based Matching Engine for Customized Patterns
76 Unique Content Categories / 2+ Billion Unique URLs
Supports IM, HTTP/HTTPS, and More
HTTP/HTTPS Filtering
Many Popular File Types Supported
PPTP, IPSec, and L2TP + IPSec Support
Web Filtering Time-Based Quota
International Character Sets Supported
SSL-VPN Concentrator (incl. iPhone client support) URL/Keyword/Phrase Block
DES, 3DES, and AES Encryption Support
URL/Category Exempt
SHA-1/MD5 Authentication
Blocks Java Applet, Cookies, Active X
Real-Time Blacklist/Open Relay Database Server
PPTP, L2TP, VPN Client Pass Through
MIME Content Header Filtering
MIME Header Check
Hub and Spoke VPN Support
IPv6 Support
Keyword/Phrase Filtering
IP Address Blacklist/Exempt List
IPSec NAT Traversal
Automatic Real-Time Updates From FortiGuard Network
Dead Peer Detection
Control Popular IM/P2P Apps Regardless of Port/Protocol:
RSA SecurID Support
Monitor & Control Hosts Running FortiClient Endpoint
AOL-IM Yahoo
SSL Single Sign-On Bookmarks
Gnutella BitTorrent MySpace
SSL Two-Factor Authentication
Vulnerability Scanning of Network Nodes
WinNY Skype
eDonkey Facebook
LDAP Group Authentication (SSL)
FortiOS Networking Services
Multiple WAN Link Support
PPPoE Support
DHCP Client/Server
Policy-Based Routing
Dynamic Routing for IPv4 (RIP, OSPF, IS-IS, BGP, &
Multicast protocols)
Dynamic Routing for IPv6 (RIP, OSPF, & BGP)
Multi-Zone Support
Route Between Virtual LANs (VLANs)
Multi-Link Aggregation (802.3ad)
VRRP and Link Failure Control
sFlow Client
Differentiated Services (DiffServ) Support
Guarantee/Max/Priority Bandwidth
Separate Firewall/Routing Domains
Separate Administrative Domains
Separate VLAN Interfaces
Web Server Caching TCP Multiplexing
WCCP Support
Active-Active, Active-Passive
Stateful Failover (FW and VPN)
Link Status Monitor
Link failover
Server Load Balancing
Bi-Directional / Gateway to Client/Gateway
Integrated Caching and Protocol Optimization
Accelerates CIFS/FTP/MAPI/HTTP/HTTPS/Generic
Requires a FortiGate device with Hard Drive
FortiOS Management Services
Web UI (HTTP/HTTPS), Telnet / Secure Command
Network Vulnerability Scanning
Local Database
Shell (SSH), and Command Line Interface (CLI)
Graphical Report Scheduling Support
Windows Active Directory (AD) Integration (w/ FSAE)
Role-Based Administration
Graphical Real-Time and Historical Monitoring
External RADIUS/LDAP/TACACS+ Integration
Multi-language Support: English, Japanese, Korean, Local and Remote Syslog/WELF server logging
Xauth over RADIUS for IPSEC VPN
SNMP Support
RSA SecurID Support
Multiple Administrators and User Levels
LDAP Group Support
System Software Rollback
VPN Tunnel Monitor
Optional FortiAnalyzer Logging (including per-VDOM)
Optional FortiGuard Analysis and Management
Customizable Dashboard Widgets (Web UI)
Central Management via FortiManager (optional) Service
Security Subscription Services
deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security
Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion
prevention, web filtering, antispam, vulnerability management, web application firewall, and database security services.
FortiCare ™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products
to perform optimally. Support plans start with 8x5 Enhanced Support with hardware return for replacement or 24x7 Comprehensive Support with
advanced replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products include a 1-year
limited hardware warranty and 90-day limited software warranty.
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1.408.235.7700
Fax +1.408.235.7737
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33.4.8987.0510
Fax +33.4.8987.0501
Fortinet Incorporated
61 Robinson Road, #09-04 Robinson Centre
Singapore 068893
Tel +65-6513-3730
Fax +65-6223-6784
® , FortiGate
® , and FortiGuard
® , are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks o
Copyright© 2010 Fortinet, Inc. All rights reserved. Fortinet
their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaim
whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warrant
to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current
publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF