What’s new in FortiOS 4.0 Per-firewall policy session TTL
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 37
http://docs.fortinet.com/ • Feedback
Per-firewall policy session TTL
If required by a network or by the services to be provided by a FortiGate unit, you can now
use the session-ttl keyword of the config firewall policy command to control
the session time to live (TTL) time for communication sessions accepted by a firewall
policy. The default setting for session-ttl in a firewall policy is 0, which means use the
default session TTL as set by the config system session-ttl command. The
default session TTL setting is 3600 seconds. The range for the firewall policy session TTL
is 300 to 604800 seconds.
Gratuitous ARP for virtual IPs
You can configure sending of ARP packets to maintain connectivity of virtual IPs where
other routers clear their ARP table periodically. Use the following command syntax in the
CLI to configure sending of ARP packets by a virtual IP. You can set the time interval
between sending ARP packets. Set the interval to 0 to disable sending ARP packets.
config firewall vip
edit new_vip
(configure the virtual IP)
set gratuitous-arp-interval <interval_seconds>
end
Changes to protection profiles
New configuration settings have been added to protection profiles, and familiar
configuration settings in protection profiles have been reorganized. For a complete
description of FortiOS 4.0 protection profiles, see “Configuring a protection profile” on
page 404.
Changes to content archiving
You now configure full and summary content archiving in DLP sensors. Other content
archiving settings are also available in protection profiles and from Application Control in
the CLI. For information about FortiOS 4.0 content archiving, see “Content Archive” on
page 667.
Related to changes to content archiving, the information displayed by the Statistics widget
on the system dashboard has also changed. See “Statistics” on page 71.
Customizable web-based manager pages
In addition to configuring administrators with varying levels of access to different parts of
the FortiGate unit configuration, if you are a super_admin, you can customize the
FortiGate web-based manager (or GUI) to show, hide, and arrange widgets/menus/items
according to your specific requirements. In standard operation mode, the display is static.
Customizing the display allows you to vary or limit the GUI layout to fulfill different
administrator roles. There are also several configuration widgets which you can enable for
CLI-only options that are not displayed by default. The customized GUI layouts are stored
as part of the administrator admin profile.
For more information, see “Customizable web-based manager” on page 231.
To Next Page
Loading...