Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

New Contributor II

FortiOS 6.0 New features

These are the summery of new features in FortiOS 6.0 (Beta3) so far.


Administrator defined automation (B3)

Administrator defined automated work flows (called stitches) use if/ then statements to cause FortiOS to automatically respond to an event in a pre-programmed way. Because this workflow is part of the security fabric

you can set up if/then statements for any device in the Security Fabric.


To create a workflow, log into the root FortiGate and go to Security Fabric > Stitches and select Create New. Set up the stitch as required. The following example sends an email if any device in the security fabric

experiences high CPU usage. The email would include information about the problem and the source of the alert.


Indicator of compromise (IOC) quarantine and IP ban (B3)

If you configure an IOC trigger you can select from a number of options including Quarantine and IP Ban. Both options block all traffic from the source addresses flagged by the IOC. Quarantined devices are flagged on the

Security Fabric topologies.


Asset tagging (B3)

You can go to System > Tags to create custom tags that can be applied to interfaces, objects, and devices. Then whenever these interfaces, objects or devices appear on reports, in the Security Fabric topologies or in

FortiView they are highlighted.

For example, you could create a tag called Marketing and apply it to all interfaces and devices connected to the marketing network and every time one of those items appeared in a report or diagram the tag would also be available.


EMAC-VLAN support (B3)

The EMAC-VLAN feature allows you to add multiple Layer 2 addresses (or Ethernet MAC addresses) to a single physical interface. This is accomplished by created sub-interfaces (also called slave devices) of a parent, physical Ethernet interface (also called the upper device). Each sub-interface has its own unique randomly generated MAC address and configurable IP address. Adding an interface this way results in a new interface appearing on the FortiGate interface list and network devices that communicate with the physical interface see a new interface with its own MAC and IP address on the network.


Application groups for NGFW policies (B1)

When your FortiGate is operating in NGFW policy mode you can create application groups when adding NGFW policies. To enable NGFW policy mode go to System > Settings and set the Inspection mode to Flow-based

and the NGFW Mode to Policy-Based. Then, when adding IPv4 or IPv6 policies you can create application groups to simplify policy creation.


FortiGuard virus outbreak prevention (B3)

This new feature uses real-time checksums to filter files to prevent quick virus outbreaks, because it usually takes at least a few hours for signatures to be developed and pushed, and a virus outbreak can do a lot of damage

within that time period.


Wildcard FQDNs for SSL deep inspection exemptions (B2)

The configuration mechanism for Wildcard FQDN addresses is optimized so that the address can be on a global or a VDOM basis. Wild card FQDN addresses, whether created on a per-VDOM basis or globally, end up in the

same table for use in configuration. To use the contents of the objects in the list of wild card FQDN addresses on a per-VDOM basis, make them a member of a wild card FQDN address group.


SSH MITM deep inspection (B3)

As vulnerabilities of OpenSSH continue to be exposed, it has become necessary to detect such attacks, which requires the ability to decrypt the SSH tunnel to check the data. This feature introduces comprehensive security

controls on SSH Man-in-the-Middle (MITM) deep inspections, including:


  1. SSH filter profiles to control SSH tunnel types and filtering on SSH shell commands.
  2. SSH proxy policies to apply a proxy firewall policy with user authentication on SSH session.
  3. Support for SSH tunnel policy to perform access control for TCP/IP port forwarding traffic that is tunneled through the SSH proxy. IPS scanning can be applied to the tunneled traffic.
  4. Support for SSH trust to detect and prevent SSH MITM attacks.



Prageeth Karunarathne.