Fortinet tweaks Web application firewalls


The advantage of appliances being run by an operating system is that new features can be easily added. As a result, it's become common for network equipment makers to tweak their operating systems regularly to meet the demands of customers and competitors.

The latest to do this is Fortinet Inc., which announced version 5.0 of its FortiWeb operating system for its Web application firewalls.

The new OS – which is backwards compatible for existing FortiWeb appliances – includes more visibility into traffic and enhanced defences for distributed denial of service (DDoS) attacks.

The company also announced performance upgrades to some of the hardware.

“Customers are looking for additional functionality in their Web application firewalls,” Idan Soen, Fortinet’s director of product management for the FortiWeb line, said in an interview.

“It’s not just about security. They want to know what’s going on — how much traffic is hitting their environment, what type of traffic.” Some sites have discovered that over 30 per cent of their traffic comes from search engines, he noted. Much of it is legitimate, but some can be malicious.

In conjunction with Fortinet’s FortiGuard IT Reputation service, which feeds FortiWeb appliances daily with information on new malicious sources, version 5.0 of the operating system helps network managers better identify whether traffic is coming from crawlers, bad robots, spiders and Web scanners that look for web site vulnerabilities, or from legitimate search engines.

The data is displayed on a new dashboard that aggregates the information.

As for meeting DDoS attacks, version 5.0 improves on the previous operating system’s real browser enforcement, which is a challenge/response system that asks a user to reply to a request using JavaScript that shows whether the connection is a real person or an attack.

Now the system can be an automated action for every DDoS policy. As a result, IT managers can define the time threshold the user has to reply. If the answer doesn’t come back fast enough, then an automated action (alert, block etc.) can be set up.

Several new appliances were also announced:

–the 3000D, which offers up to 1.5 Gbps throughput (50 per cent faster than the 3000C) and 60,000 transactions per second. It also comes with 16 GB of RAM. Pricing hasn’t changed.

It replaces the 3000C, which supported up to 1 Gbps of throughput and up to 40,000 transactions per second;

–3000CFsx, the same specs as the 3000C, but has a fibre by-pass port;

–and the 4000D, which offers up to 2 Gbps and up to 100,000 transactions per second. It comes with 32 Gb of RAM.

It replaces the 4000C, which could handle up to 70 transactions per second.


Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
