What’s new in FortiOS 4.0
UTM features grouped under new UTM menu
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
29
•
UTM features grouped under new UTM menu
AntiVirus, Intrusion Protection, Web Filter, and AntiSpam, as well as the new Data Leak
Prevention and Application Control features are grouped under a new UTM menu. All the
familiar Antivirus, Intrusion Protection, Web Filter, and AntiSpam features are available
here. Most IM, P2P, and VoIP functionality has been integrated into application control. IM
user control has moved to
User > Local > IM
. IM user monitoring has moved to
User >
Monitor > IM User Monitor
.
If you enable virtual domains, you configure all UTM features separately for each VDOM
except for the Antivirus quarantine and grayware configuration.
Data Leak Prevention
The new Data Leak Prevention (DLP) feature protects sensitive information from being
transmitted via web, email or file transfer protocols. You define rules and compound rules
to detect possible data leaks and specify the action to take in response. Rules and
compound rules are combined into DLP sensors, which you can enable in firewall
protection profiles.
For more information, see
“Data Leak Prevention” on page 511
.
Application Control
The new Application Control UTM feature allows your FortiGate unit to detect and take
action against network traffic depending on the application generating the traffic. Based on
FortiGate Intrusion Protection protocol decoders, application control is a more user-
friendly and powerful way to use Intrusion Protection features to log and manage the
behavior of application traffic passing through the FortiGate unit. Application control uses
IPS protocol decoders that can analyze network traffic to detect application traffic even if
the traffic uses non-standard ports or protocols.
The FortiGate unit can recognize the network traffic generated by more than 70
applications. You can create application control lists that specify what action will be taken
with the traffic of the applications you need to manage. You specify the application control
list in the protection profile applied to the network traffic you need to monitor. You can also
create multiple application control lists, each tailored to a particular network, for example.
For more information, see
“Application Control” on page 523
.
SSL content scanning and inspection
FortiGate models that include hardware supporting SSL acceleration now also support
SSL content scanning and inspection. Using SSL content scanning and inspection, you
can apply antivirus scanning, web filtering, FortiGuard web filtering, spam filtering, data
leak prevention (DLP), and content archiving to HTTPS, IMAPS, POP3S, and SMTPS
traffic. The following FortiGate models support SSL content scanning and inspection:
•
110C
•
111C
•
310B
•
602B
•
3016B
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...