Easy Forticare And Fortiguard Services Registration And Renewal; Endpoint Control Enhancements; Per-Vdom Replacement Messages - Fortinet FortiGate Series Administration Manual

What's new in FortiOS Version 4.0 MR1

Easy FortiCare and FortiGuard services registration and renewal

Endpoint control enhancements

Per-VDOM replacement messages

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
FortiOS Version 4.0 MR1 firmware helps you to register your FortiGate unit for FortiGuard
and FortiCare services. When a new FortiGate unit is powered on, it automatically
searches for FortiGuard services. If the unit is configured for central management, it will
look for FortiGuard services on its FortiManager system. The FortiGate unit sends its
serial number to FortiGuard services, which then determines whether the FortiGate unit is
registered and has a valid contract for either a FortiGuard subscription or FortiCare
support services.
For more information, see
Endpoint Control is now called Endpoint NAC (Network Access Control), which better
describes its role in controlling endpoint access to the network.
The configuration for required FortiClient software version is now in Endpoint NAC >
Config. Configuration options are the same as in the previous release.
FortiOS 4.0 provided only software detection on endpoints. FortiOS 4.0 MR1 can allow or
block endpoints based on detected software. The Software Detection List is now called an
Application Detection List and you can create multiple lists.
FortiGuard services provides all application signatures. You create your application
detection list entries by selecting applications from lists of categories, vendors, and
application names. Go to Endpoint NAC > Application Detection > Detection List. to create
detection lists. To view application information from FortiGuard services, go to
Endpoint NAC > Application Detection > Predefined.
Endpoint check options are no longer configured in the firewall policy. These options and
the application detection list are now selected in an Endpoint NAC profile. In the firewall
policy, you simply enable Endpoint NAC and select the Endpoint NAC profile to apply.
For more information, see
FortiOS 4.0 MR1 enables you to define replacement messages in each VDOM. In
previous releases, replacement messages were defined only at the global level. By
default, the VDOM uses the global replacement messages. You can modify any message
for your VDOM as needed, overriding the global message.
When defining replacement messages, you can optionally reset the message to its
original value. At the global level, you can reset the message to the factory default. At the
VDOM level, you can reset the message to the current global value.
In the web-based manager, each VDOM has a replacement messages configuration page
at System > Config > Replacement Messages, as exists at the global level. Modify the
messages as needed.
For more information, see
Easy FortiCare and FortiGuard services registration and renewal
"License Information" on page
"Endpoint NAC" on page
"Replacement messages" on page
110.
695.
250.
35