The new FortiOS 5.6 brings new features
I have been writing recently about how to deploy the “new” FortiOS 5.4 into VMware. However, although the deployment method is the same, we can already deploy the new beta FortiOS 5.6 as well for testing environments. Today, the recommended firmware for production firewalls is FortiOS 5.4.4, but if we are wondering what's new in FortiOS 5.6 and would like to test it, we can already download it to play with in a laboratory.
FortiOS 5.6 Dashboard
One of the new and enhanced features is Security Fabric integration with FortiView. What the hell is this? If we have several Fortinet devices, we can have much better visibility into our network traffic because we can see the physical and logical topology of our organization from a single dashboard, where we can also search for users, vulnerabilities, usage links, etc. This allows us to identify issues quickly and intuitively.
FortiView Physical Topology
Another new and powerful feature is Security Fabric Audit, which is an easy way to know if you are doing well. This new feature helps us apply security recommendations to our Fortinet devices, such as upgrading firmware, disabling insecure protocols, moving servers to a DMZ, applying updates to Windows devices and many more security recommendations. These recommendations let us apply best practices for compliance and identify vulnerabilities quickly, making the network more secure over time.
Security Audit Fabric
From time to time customers ask me to apply firewall policies by application, which is a common practice in other firewalls like Palo Alto. The new FortiOS 5.6 allows us to configure firewall policies to deny or allow traffic by application, such as Skype, YouTube, etc. In addition to this new way of application control, we can also configure firewall policies by URL category. These features are in high demand among users: application control and web filtering become part of the firewall policy itself and act as a condition to deny or allow network traffic.
NGFW Policy
I think Virtual Extensible LAN (VXLAN) support is good news in FortiOS 5.6, which means we will be able to configure a Layer 2 VPN over a Layer 3 network. This feature, although it's only configured through the CLI right now, is interesting and useful because we don't need a high-end, powerful firewall to deploy VXLAN technology; entry-level firewalls will be enough to enjoy this new Layer 2 VPN technology.
On the other hand, WAN link load balancing has been enhanced to SD-WAN, or Software-Defined WAN. Although it's still a small module inside FortiOS, it allows us to balance access links by users or applications, which makes bandwidth management a must for most organizations.
SD-WAN
Last but not least, security subscriptions have been modified to introduce Industrial Signatures for IPS and Application Control. What's more, Application Control signatures are downloaded free with a FortiCare support contract, and Anti-Botnet is now part of the AntiVirus license in FortiOS 5.6.
FortiOS 5.6 Security Subscriptions
Regards, my friends; new firewall operating system, new features, go ahead.