What’s new in FortiOS 4.0
Per-firewall policy session TTL
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
37
•
Per-firewall policy session TTL
If required by a network or by the services to be provided by a FortiGate unit, you can now
use the
session-ttl
keyword of the
config firewall policy
command to control
the session time to live (TTL) time for communication sessions accepted by a firewall
policy. The default setting for
session-ttl
in a firewall policy is
0
, which means use the
default session TTL as set by the
config system session-ttl
command. The
default session TTL setting is 3600 seconds. The range for the firewall policy session TTL
is 300 to 604800 seconds.
Gratuitous ARP for virtual IPs
You can configure sending of ARP packets to maintain connectivity of virtual IPs where
other routers clear their ARP table periodically. Use the following command syntax in the
CLI to configure sending of ARP packets by a virtual IP. You can set the time interval
between sending ARP packets. Set the interval to
0
to disable sending ARP packets.
config firewall vip
edit new_vip
(configure the virtual IP)
set gratuitous-arp-interval <interval_seconds>
end
Changes to protection profiles
New configuration settings have been added to protection profiles, and familiar
configuration settings in protection profiles have been reorganized. For a complete
description of FortiOS 4.0 protection profiles, see
“Configuring a protection profile” on
Changes to content archiving
You now configure full and summary content archiving in DLP sensors. Other content
archiving settings are also available in protection profiles and from Application Control in
the CLI. For information about FortiOS 4.0 content archiving, see
Related to changes to content archiving, the information displayed by the Statistics widget
on the system dashboard has also changed. See
.
Customizable web-based manager pages
In addition to configuring administrators with varying levels of access to different parts of
the FortiGate unit configuration, if you are a super_admin, you can customize the
FortiGate web-based manager (or GUI) to show, hide, and arrange widgets/menus/items
according to your specific requirements. In standard operation mode, the display is static.
Customizing the display allows you to vary or limit the GUI layout to fulfill different
administrator roles. There are also several configuration widgets which you can enable for
CLI-only options that are not displayed by default. The customized GUI layouts are stored
as part of the administrator admin profile.
For more information, see
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...