Fortinet introduces next-generation OS for Web application firewall product family

The new OS provides important new security advancements to protect against increasingly malicious application layer attacks.
The new FortiWeb 5 OS, which is backward compatible with the entire FortiWeb family, features the ability to accurately identify the origin of Web application traffic to proactively distinguish between legitimate and malicious sources as well as other critical security advancements.
The new FortiWeb OS provides the ability to distinguish between legitimate known search engine requests, scanners, crawlers and other threshold based tools. The new OS expands the bot identification and analysis coverage recently introduced with the FortiGuard IP Reputation service, which monitors IPs that are compromised or behaving abnormally.
In conjunction with the FortiWeb 5 rollout, Fortinet is also introducing three new Web application firewall appliances: the FortiWeb-3000D, FortiWeb-3000DFsx and FortiWeb-4000D, which are designed for large enterprises, service providers and large datacenters that require high performance Web application security.
The FortiWeb-3000D and FortiWeb-3000DFsx support up to 1.5 Gbps of throughput while the FortiWeb-4000D supports up 4 Gbps. The new appliances are 50 to 100 percent faster than their predecessors and provide robust protection against the Open Web Application Security Project (OWASP) Top 10 risks and aid in PCI DSS 6.6 compliance.
Fortinet said in its press statement that FortiWeb 5 expands the previously released challenge response mechanism that distinguishes legitimate Web application requests from automated DoS tools to support in multiple different policies, providing better flexibility and granularity. It said the need to protect against application layer DoS attacks is increasingly important given the precipitous rise in attacks on application resources.
What makes the FortiWeb product family unique is its ability to combine broad Web application protection with Layer 7 load balancing and a built-in vulnerability scanner in a simple-to-manage system that does not require add-on licenses for each system component, the statement said.

FortiWeb 5 delivers new capabilities that include:
- Search Engine Identification: With up to 30% of Web application traffic requests coming from known search engines such as Google, Bing, Yahoo and others, coupled with a proliferation of automated attacks, botnets, zombies and orchestrated DDoS attacks, the need to correctly identify sources and their intention is vital. FortiWeb 5 provides this capability so organizations can protect and optimize their Web applications accordingly. This feature also ties into the software’s new bot control identification layer, which proactively identifies whether in-bound traffic is coming from legitimate search engines or botnets, anonymous proxies, malicious sources or large scale automated attacks
- Bot Dashboard: As a complement to the bot control layer, the new bot dashboard provides security administrators an immediate visual snapshot of traffic hitting their Web applications so they can quickly ascertain whether bots crawling apps are known search engines or malicious scanners.
- Real Browser Enforcement: As an enhancement to its application layer DoS protection, FortiWeb 5 enhances its Real Browser Enforcement challenge response action to better validate requests, ascertain the legitimacy of users and weed out automated DoS tools.
“The introduction of FortiWeb 5 and our new high end Web application firewalls are designed for the most demanding enterprises and service providers,” said John Maddison, vice president of marketing for Fortinet.
“Not only are we introducing more intelligent protection against the OWASP Top 10 threats, we’re delivering new appliances that leverage an application-aware load balancing engine to distribute traffic and route content across multiple Web servers. The FortiWeb product line combines the best of both worlds – the industry’s most advanced Web application security with optimal performance.”
The FortiWeb 5 OS is now available as a free update to all existing customers with a valid support contract from https://support.fortinet.com. The new FortiWeb-3000D, FortiWeb-3000DFsx and FortiWeb-4000D are also available now.