tgreene
Executive Editor

Fortinet adds intrusion detection platform

News
Jun 16, 2003 | 2 mins
Intrusion Detection Software, Network Security, Networking

Fortinet is adding intrusion prevention software to its multifunction security platform, enabling customers to block a range of threats or suspected attacks.

Version 2.5 of its FortiOS software for FortiGate appliances also upgrades its virus scanning, intrusion detection, firewall and VPN capabilities.

The new intrusion prevention platform is configured to block more than 30 known attacks such as denial of service and distributed DoS, SYN floods and other protocol floods, buffer overflows, ping of death and port scanning. The software uses a variety of means to block attacks, including dropping suspicious packets, resetting connections and blocking source addresses.

The attack signatures stored in the device have been organized into categories by threat so customers can scan for some but not others. For instance, signatures that indicate attacks on Linux systems only are grouped so they can be excluded from the scan done by a customer that has no Linux machines. This eliminates unnecessary processing.

Customers can also add signatures to the attack library and can configure the boxes to probe on any or all ports rather than just one as was the case previously.

The company has added the ability to scan FTP files for viruses. Before, its antivirus software could scan only POP3, SMTP, IMAP and HTTP traffic. It can scan e-mail and filter it based on different parameters such as sender, blacklists and whitelists, and words and phrases in the body of the message.

It can also now scan LZH-compressed traffic and HTTP traffic that enters via firewall ports other than port 80. Customers can also set aside up to 15% of the memory on FortiGate gear to quarantine suspicious files until they can be examined. The company has added a tool so these files can be forwarded quickly to Fortinet for analysis.

On a system level, Fortinet gear now supports security policies between virtual LANs (VLANs) that span multiple ports on the device. It also supports more than one VLAN policy per port. Before, policies were applied to all traffic to a given physical interface.

High availability has been added: up to 32 FortiGates can be clustered via an external switch so that if one box fails, the others take over. Meanwhile, they share the load.

FortiOS 2.5 is available this month on new equipment and is available free as part of service contracts for existing customers.