Najnowsze wydanie FortiWeb w wersji 7.4.1 jest już dostępne a w nim sporo nowości. Aktualizacja wprowadza ochronę API opartą na Machine Learning, zabezpieczenie GraphQL czy też wykrywanie XSW, która jest techniką umożliwiającą złośliwemu klientowi manipulowanie lub fałszowanie cyfrowo podpisanego dokumentu bez unieważniania zawartej sygnatury. Ponadto kilka istotnych zmian dotknęło dzienniki mianowicie dodano powiadomienie o konflikcie IP czy też zmiana ustawień przechowywania na wysyłanie dzienników. Więcej informacji zostało przedstawione w artykule poniżej.
- FortiWeb 100D
- FortiWeb 400C
- FortiWeb 400D
- FortiWeb 400E
- FortiWeb 600D
- FortiWeb 600E
- FortiWeb 1000D
- FortiWeb 1000E
- FortiWeb 2000E
- FortiWeb 3000D/3000DFsx
- FortiWeb 3000E
- FortiWeb 3010E
- FortiWeb 4000D
- FortiWeb 4000E
- FortiWeb 100E
- FortiWeb 1000F
- FortiWeb 2000F
- FortiWeb 3000F
- FortiWeb 4000F
Supported Hypervisor Versions:
- VMware vSphere Hypervisor ESX/ESXi 4.0/4.1/5.0/5.1/5.5/6.0/6.5/6.7/7.0/8.0.2
- Citrix XenServer 6.2/6.5/7.1
- Open source Xen Project (Hypervisor) 4.9 and higher versions
- Microsoft Hyper-V (version 6.2 or higher, running on Windows 8 or higher, or Windows Server
- KVM (Linux kernel 2.6, 3.0, or 3.1)
- OpenStack Wallaby
- Docker Engine CE 18.09.1 or higher versions, and the equivalent Docker Engine EE versions; Ubuntu18.04.1 LTS
or higher versions
- Nutanix AHV
FortiWeb is tested and proved to function well on the hypervisor versions listed above. Later hypervisor releases may
work but have not been tested yet.
To ensure high performance, it’s recommended to deploy FortiWeb-VM on the machine types with minimum 2 vCPUs,
and memory size larger than 8 GB.
Supported Cloud Platforms:
- AWS (Amazon Web Services)
- Microsoft Azure
- Google Cloud
- OCI (Oracle Cloud Infrastructure)
- Alibaba Cloud
Co nowego :
- ML based API Protection – Schema and Threat Protection
A new protection layer called “Threat Protection” has been added to the ML based API Protection module. It learns
parameter value patterns from the API requests body and builds mathematical models to screen out abnormal requests
that are deemed malicious.
- GraphQL Protection
Protection for GraphQL is introduced in this release. It safeguards GraphQL APIs from malicious queries, signature
attacks, and excessive resource consumption, ensuring their secure and efficient operation.
- Waiting Room
A new Waiting Room capability is introduced in this release under Application Delivery. It controls visitor traffic using a
virtual holding space and queuing First-In/First-Out system.
- XSW detection
FortiWeb can now detect XML Signature Wrapping (XSW), a technique that enables a malicious client to manipulate or
forge a digitally signed document without invalidating the included signature.
- DTD validation for XML requests
FortiWeb now supports the utilization of a Document Type Definition (DTD) file to establish restrictions for XML requests.
- External IP Address Auto-Retrieval
In IP Protection > IP List, you now have the option to not only manually specify IP addresses to trust or block but also
configure the system to automatically retrieve the IP list from an external HTTP/HTTPS server.
- Signature Enhancements
We now offer support for utilizing hyperscan to identify personally identifiable information within the response body. To
use this feature, simply enable personally-identifiable-information-hyperscan-mode in config waf
Additionally, the signature details now include information about the main category, sub-category, and sensitivity level.
- Biometric-based bot detection enhancements
The biometric-based bot detection has been refined to enhance the accuracy of trait collection and URL record logging in
attack logs. Traits are now weighted in a more effective manner, improving the efficiency of bot screening while
minimizing false positives.
- reCAPTCHA v3 support
reCAPTCHA v3 has been integrated in FortiWeb to facilitate bot confirmation. It returns a score for each request without
user friction, offering a more flexible configuration and user-friendly experience.
- HTTP/2 RST Stream check in HTTP Protocol Constraints
Checking for HTTP/2 RST Stream occurrences and frequency within an HTTP/2 connection is now supported. To set
this up, go to Web Protection > Protocol > HTTP > HTTP Protocol Constraints and find the HTTP Request items.
- Permission-policy in HTTP Header Security
The feature-policy has been updated to permission-policy in alignment with the industry standard. Upgrading is
seamless with just one click, and syntax errors can be easily validated.
- Multiple SAML servers in Site Publish
Previously, FortiWeb only supported a single SAML server in Site Publish. Now, it has been upgraded to accommodate
multiple SAML servers.
- Cached items search enhancement
In Application Delivery > Caching, we offer the capability to list all cached items associated with a specified URL.
Furthermore, you can fine-tune your search by applying keywords to filter the results as needed.
- IP Conflict prompt in event log
If the IP addresses configured on the FortiWeb (including the VIP or network interface IP addresses) conflict with the IP
addresses of other devices in the same subnet, an IP conflict event will be recorded in the event log, for instance:
msg=”Detect MAC address 08:35:71:fb:f4:cc claims to have our IP 22.214.171.124.
- Log type setting for storing or sending logs
You can now choose your preferred log types in the Log & Report > Log Config > Global Log Settings. This allows
you to select one or multiple of the three log types (attack log, event log, traffic log) for local storage or forwarding to
external log servers.
- Email attachments compression in Email Policy
In this release, we have reinstated the email attachments compression for the alert email policy. With the compression
function enabled, event logs and alerts will be attached to the emails in ZIP format; otherwise, they will be attached in
- HTTP/2 window size limit raised
It is now possible to customize the window size, determining the amount of data in bytes that FortiWeb is willing to
receive at any given time, for both the server and client sides of HTTP/2 connections. The valid range is 65,535-
Rozwiązane problemy :
|0967153||When the API GET request doesn’t have mkey, a response 500 error will be returned. More details should be included in the response message.|
|0965426||Certain file extensions are not supported in File Security Rule > Predefined File Types.|
|0964800||On the FortiWeb100E Gen1 unit, running diagnose hardware check all can correctly detect the memory but will be stuck when printing it.|
|0964467||The Radius admin groups can’t have more than one name which cause login not working as expected in certain situation.|
|0961514||Configuration loss occurs after upgrading from 7.2.0 to 7.2.5.|
|0961043||It’s not supported to configure Max Concurrent Streams to rate limit potential HTTP2 RST-Stream attacks.|
|0960616||Username filter in Attack Logs does not work as expected.|
|0960277||The proxyd crash occurs. Applications randomly become intermittently inaccessible.|
|0960016||The proxyd hits 100% and many websites are down when there are a large number of content routing configured in each server policy.|
|0958360||Too many health check alerts are generated for Server Health.|
|0958232||They system sends illegal HTTP request to back-end servers.|
|0957398||The .apk extension is not available for use under Input Validation > File Security.|
|0956532||Unable to register FortiWeb VM running on Azure into FortiAnalyzer.|
|0955391||High CPU usage.|
|0954061||The SR-IOV network cards on KVM do not work in 7.x.x versions.|
|0952693||Can’t filter out the „x509 Certificate” related subjects in traffic logs and attack logs.|
|0951426||File type cannot be detected when the file name has a carriage return in multiform/multipart requests.|
|0950749||Console show some errors after upgrade.|
|0949584||The ReCaptcha page is not automatically resized on mobile devices.|
|0948605||Log files are not created on the log disk.|
|0948591||OKTA MFA integration with GUI login doesn’t work.|
|0948568||Subsequent traffic from a blocked IP based on XFF header content is allowed.|
|0948538||Unstable fuzzy-disable-list scripts in a Web Shell Detection policy.|
|0947250||The proxyd crashes ml_api_cloud_get_url_model_id.|
|0946824||The proxyd crashes on websocket_info_clean.|
|0946507||Cannot enter „?” in the reg-exp using CLI.|
|0946438||Newly imported certificate does not trigger an event log with cert-expiry details.|
|0944805||FortiView Threat Map does not show any attacks from the last hour.|
|0944634||Videos fail to load when HTTP/2 is enabled.|
|0943027||Application traffic interruption caused by a proxyd issue.|
|0942110||The secondary device is unreachable when HA is established.|
|0941239||Blank page after successful login from a remote server.|
|0939384||Multiple VIPs with the same IP are allowed to be created in ADOM.|
|0936408||Unable to automatically register FortiWeb license in Azure deployment.|
|0936030||Internal server error in dashboard in Client Management.|
|0935465||Firewall admin-policy does not work with TCP port 8 and 43.|
|0935444||Interface secondary IP and VIP (ip_src_balance) does not work in 7.2.2.|
|0934944||FortiWeb GUI incorrectly displays the default certificate.|
|0934539||AWS SDN Connector unable to retrieve the Private subnet IP.|
|0931263||Log hard disk database status change to unavailable.|
|0929895||Traffic is interrupted unexpectedly.|
|0929806||The read-only administrator can see passwords’ hashes in CLI.|
|0929539||Lua Scripting for HTTP response code: If there are two consecutive requests within one connection, if the first one triggers the http:collect(), this collection function will be revoked no matter if the http:collect() is revoked.|
|0926053||Secondary radius IP address flooded with failed requests following its configuration.|
|0924691||Add date/time filter in attack log – focus goes to the wrong field.|
|0924609||Unexpected proxyd crashes.|
|0919967||Custom Port not in 'LISTEN’ on Backup unit in Active-Active HV cluster.|
|0901939||’Heard & Mcdonald Islands’ is not listed in GEO IP.|
|0855594||Scans detecting vulnerable versions of AngularJS and jQuery.|
Bezpieczeństwo w biznesie