Thursday, April 30, 2009

Software Updates

Current Updates:

FortiOS:
  • 3.0 MR7 Patch 5, Build 741
FortiManager:
  • 4.0.1, Build 89
FortiAnalyzer:
  • 4.0.2, Build 45

Monday, April 20, 2009

New FortiGate Hardware

Fortinet has released the FortiGate 51B and FortiGate 111C platforms. While on paper the specs are very similar to the FG50B and FG 110C respectively, the new units have onboard flash storage for local logging and also support the WAN optimization feature. WAN optimization is a new feature introduced in FortiOS 4.0.

Wednesday, April 15, 2009

Software Updates - Now Bi-weekly

Going forward, I will post software updates twice a month, around the 15th and the 30th or so, to accumulate all software updates that occur over those two-week periods.

Current Updates:

FortiOS:
  • 3.0 MR7 Patch 4, Build 740
  • 4.0.2, Build 99 (Note the new revision naming conventions)
FortiMail:
  • 3.0 MR4 Patch 5, Build 438
FortiClient:
  • 4.0.1, Build 52
FortiDB:
  • 3.2.1, Build 17

Wednesday, April 8, 2009

FortiAnalyzer Funkiness

When you configure your FortiAnalyzer and you have firewalls reporting to it that are not in the same subnet, make sure you configure the correct default gateway under "System -> Network -> Routing". This might seem pretty obvious but has caught me off guard a couple of times.

FortiGate firewalls use UDP port 514 (a connectionless protocol) to send log data to the FortiAnalyzer. The FA can receive those logs without knowing how to route back to the firewalls, so the correct default gateway is not required for that traffic.
In addition, the firewalls also use TCP port 514 (a protocol requiring a three-way handshake), and the FA's replies in that handshake have to be routed back to the firewall. If the correct default gateway is not set on the FA, strange things happen: with a large number of reporting devices, some will show up under "Device -> All" and some will not. In our most recent incarnation, after rolling out a new FA, we had about half our firewalls listed; the other systems were attempting to connect but could not.

So, if you are missing firewall devices after a new FA rollout or rebuild, make sure you verify that default gateway setting.
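A quick way to triage this symptom, as an added example (not part of the original post and not Fortinet code): compare the firewalls you expect against what the FA lists, and check whether every missing one sits outside the FA's own subnet. The function name and all addresses are constructed for illustration, and the verdict is a heuristic that assumes on-link devices are answered directly without using the gateway.

```python
import ipaddress

def triage_missing_devices(fa_interface, expected, registered):
    """Classify firewalls that are expected but not listed on the FA.

    fa_interface: FA address with prefix length, e.g. "192.0.2.10/24"
    expected:     IPs of firewalls configured to log to this FA
    registered:   IPs the FA actually shows under "Device -> All"
    """
    fa_net = ipaddress.ip_interface(fa_interface).network
    expected_ips = {ipaddress.ip_address(ip) for ip in expected}
    registered_ips = {ipaddress.ip_address(ip) for ip in registered}
    missing = sorted(expected_ips - registered_ips)

    # Replies to on-link firewalls go out directly; only off-link
    # firewalls depend on the FA's default gateway for the TCP 514 handshake.
    off_link = [ip for ip in missing if ip not in fa_net]
    on_link = [ip for ip in missing if ip in fa_net]

    if not missing:
        verdict = "all devices registered"
    elif off_link and not on_link:
        verdict = "check FA default gateway"
    else:
        verdict = "look beyond routing"
    return {
        "missing": [str(ip) for ip in missing],
        "off_link": [str(ip) for ip in off_link],
        "on_link": [str(ip) for ip in on_link],
        "verdict": verdict,
    }

# Constructed sample data (documentation address ranges, not real devices).
FA_INTERFACE = "192.0.2.10/24"
EXPECTED = ["192.0.2.21", "192.0.2.22", "198.51.100.1", "203.0.113.1"]
REGISTERED = ["192.0.2.21", "192.0.2.22"]

if __name__ == "__main__":
    result = triage_missing_devices(FA_INTERFACE, EXPECTED, REGISTERED)
    for key, value in result.items():
        print(f"{key}: {value}")
```

If a missing device is on the FA's own subnet, the gateway cannot be the whole story, which is why that case gets a different verdict.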

Monday, April 6, 2009

FortiScan 1000B

Today, Fortinet announced the release of its newest platform, the FortiScan 1000B. The FortiScan is a Unified Threat Management system. Stay tuned for a review. More information can be found here:
http://www.fortinet.com/press_releases/090406.html

FortiOS 4 Device Support

Fortinet has released FortiOS 4.0.1, which adds support for an extended set of firewall hardware such as the FortiGate 60, 100, 200, 400, etc.

** Update **

FortiOS 4.0.1 has been removed from the support site as of April 06. Looks like some interim builds made their way into the release somehow.

** Update #2 **

There was a major issue with IPsec aggressive mode tunnels. This has been fixed in 4.0.2, which has now been released.