Fortinet black logo

FortiOS Release Notes

Home FortiGate / FortiOS 6.4.1 FortiOS Release Notes
6.4.1
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2

File filter as a standalone profile

File filter as a standalone profile

The previously embedded file filter within web filter, email filter, SSH inspection, and CIFS has moved to a standalone profile. The file filter can be applied directly to firewall policies and supports various traffic protocols in proxy or flow mode.

config file-filter profile
    edit "test"
        set comment ''
        set feature-set flow
        set replacemsg-group ''
        set log enable
        set scan-archive-contents enable
        config rules
            edit "Block Exe"
                set comment ''
                set protocol http ftp smtp imap pop3 mapi cifs ssh
                set action block
                set direction any
                set password-protected any
                set file-type "exe"
            next
        end
    next
end

When upgrading to FortiOS 6.4.1, existing embedded file filter rules (web filter, email filter, SSH inspection, and CIFS) that are not used in any policies or profile groups will have new file filter profiles created for them. Any firewall policies, proxy policies, or profile groups with existing embedded file filter rules will have new file filter profiles created for them.

Previous
Next

File filter as a standalone profile

The previously embedded file filter within web filter, email filter, SSH inspection, and CIFS has moved to a standalone profile. The file filter can be applied directly to firewall policies and supports various traffic protocols in proxy or flow mode.

config file-filter profile
    edit "test"
        set comment ''
        set feature-set flow
        set replacemsg-group ''
        set log enable
        set scan-archive-contents enable
        config rules
            edit "Block Exe"
                set comment ''
                set protocol http ftp smtp imap pop3 mapi cifs ssh
                set action block
                set direction any
                set password-protected any
                set file-type "exe"
            next
        end
    next
end

When upgrading to FortiOS 6.4.1, existing embedded file filter rules (web filter, email filter, SSH inspection, and CIFS) that are not used in any policies or profile groups will have new file filter profiles created for them. Any firewall policies, proxy policies, or profile groups with existing embedded file filter rules will have new file filter profiles created for them.

Previous
Next