WAN Optimization What’s new in FortiOS 4.0
FortiGate Version 4.0 Administration Guide
30 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
• 3600A
• 3810A
• 5005FA2
• 5001A.
For more information, see “SSL content scanning and inspection” on page 399.
WAN Optimization
You can use the new FortiGate WAN Optimization feature to improve performance and
security across a WAN by applying a number of related techniques including protocol and
application-based data compression and optimization data deduction (a technique that
reduces how often the same data is transmitted across the WAN), web caching, secure
tunneling and SSL acceleration.
For more information, see “WAN optimization and web caching” on page 599.
Endpoint control
The new Endpoint Compliance feature (also called endpoint control) replaces the FortiOS
3.0 Check FortiClient Installed and Running firewall options. You can enforce the use of
FortiClient End Point Security (Enterprise Edition) in your network and ensure that clients
have both the most recent version of the FortiClient software and the most up-to-date
antivirus signatures.
The FortiGate unit retrieves FortiClient software and antivirus updates from the FortiGuard
Distribution Network. If the FortiGate unit contains a hard disk drive, these files are cached
to more efficiently serve downloads to multiple end points. Go to Endpoint Control >
FortiClient to see the software and antivirus signature versions that the endpoint control
feature enforces.
The Endpoint Compliance feature also provides monitoring. The FortiGate unit gathers
information from client PCs when they use a firewall policy with the Enable Endpoint
Compliance Check option enabled.
For more information, see “Endpoint control” on page 641 and “Endpoint Compliance
Check options” on page 336.
Network Access Control (NAC) quarantine
FortiOS 4.0 provides new Network Access Control (NAC) quarantine features that you can
use with Antivirus and intrusion protection to block (or quarantine) users or FortiGate
interfaces when a virus is found or an attack is detected by an IPS Sensor or a DoS
Sensor. You can also use IPS Senors and DoS Sensors to block communication between
the source and destination of an attack.
Data Leak Preventions (DLP) also includes features similar to NAC quarantine that you
can use to block users who send content that matches a DLP sensor.
The FortiGate unit adds blocked users and interfaces to the banned users list. FortiGate
administrators can view the users and interfaces on the banned users list and manually
remove them from the list to restore normal access.
For information about NAC quarantine, see “NAC quarantine and the Banned User list” on
page 595.
To Next Page
Loading...