Fortinet Introduces Next Generation Operating System for Web Application Firewall Product Family

Fortinet Introduces Next Generation Operating System for Web Application Firewall Product Family

Fortinet Introduces Next Generation Operating System for Web Application Firewall Product FamilyFortinet, a provider of high-performance network security, introduced the next-generation operating system (OS) for its FortiWeb Web application firewalls product family, providing important security advancements to protect against increasingly malicious application layer attacks. The new FortiWeb 5 OS, which is backward compatible with the entire FortiWeb family, features critical security advancements that include the ability to accurately identify the origin of Web application traffic to proactively distinguish between legitimate and malicious sources.

FortiWeb provides the ability to distinguish between legitimate known search engine requests, scanners, crawlers and other threshold based tools. This expands the bot identification and analysis coverage recently introduced with the FortiGuard IP Reputation service, which monitors IPs that are compromised or behaving abnormally.

Designed for MSSPs, ISPs and large enterprises

In conjunction with the FortiWeb 5 rollout, Fortinet is also introducing three new Web application firewall appliances: the FortiWeb-3000D, FortiWeb-3000DFsx and FortiWeb-4000D, which are designed for large enterprises, service providers and large data centers that require high-performance, Web-application security. The FortiWeb-3000D and FortiWeb-3000DFsx support up to 1.5 Gbps of throughput while the FortiWeb-4000D supports up 4 Gbps. The new appliances are 50 to 100 percent faster than their predecessors and provide robust protection against the Open Web Application Security Project’s (OWASP) top 10 risks and aid in PCI DSS 6.6 compliance.

Addressing Web Application Pain Points

Because today’s Web applications are being accessed and/or targeted by automated scripting tools, scans, search engines and unknown or malicious sources, security administrators need to quickly and easily identify those sources and traffic types. This is critical to distinguish good and bad traffic types and sources. FortiWeb technology now provides a graphical dashboard to easily spot and track bot traffic trends.

Moreover, the need to protect against application layer DoS attacks is increasingly important, given the precipitous rise in attacks on application resources. This is in stark contrast to hackers’ previous focus on disrupting network bandwidth. FortiWeb 5 expands the previously released challenge response mechanism that distinguishes legitimate Web application requests from automated DoS tools to support in multiple different policies, providing better flexibility and granularity.

And, as data centers continue their ongoing transition from IPv4 to IPv6, the need to provide bi-directional support between the two communication protocols is essential to maintaining optimal security. FortiWeb 5.0 fully supports IPv4-to-IPv6 and IPv6-to-IPv4 communications.

What’s New in FortiWeb 5

What makes the FortiWeb product family unique is its ability to combine broad Web application protection with Layer 7 load balancing and a built-in, vulnerability scanner in a simple-to-manage system that does not require add-on licenses for each system component.

FortiWeb 5 delivers new capabilities that include:

  • Search Engine Identification: With up to 30% of Web application traffic requests coming from known search engines, such as Google, Bing, Yahoo and others, coupled with a proliferation of automated attacks, botnets, zombies and orchestrated DDoS attacks, the need to correctly identify sources and their intention is vital. FortiWeb 5 provides this capability so organizations can protect and optimize their Web applications accordingly. This feature also ties into the software’s new bot control identification layer, which proactively identifies whether in-bound traffic is coming from legitimate search engines or botnets, anonymous proxies, malicious sources or large-scale, automated attacks.
  • Bot Dashboard: As a complement to the bot control layer, the new bot dashboard provides security administrators an immediate visual snapshot of traffic hitting their Web applications, so they can quickly ascertain whether bot-crawling apps are known search engines or malicious scanners.
  • Real Browser Enforcement: As an enhancement to its application layer DoS protection, FortiWeb 5 enhances its Real Browser Enforcement challenge response action to better validate requests, ascertain the legitimacy of users and weed out automated DoS tools.

“The introduction of FortiWeb 5 and our new high end Web application firewalls are designed for the most demanding enterprises and service providers,” said John Maddison, vice president of marketing for Fortinet. “Not only are we introducing more intelligent protection against the OWASP top 10 threats, we’re delivering new appliances that leverage an application-aware, load-balancing engine to distribute traffic and route content across multiple Web servers. The FortiWeb product line combines the best of both worlds – the industry’s most advanced Web application security with optimal performance.”

The FortiWeb 5 OS is now available as a free update to all existing customers with a valid support contract from https://support.fortinet.com. The newFortiWeb-3000D, FortiWeb-3000DFsx andFortiWeb-4000D are available today.

To learn more about Fortinet’s FortiWeb 5 operating system and the FortiWeb-3000D, FortiWeb-3000DFsx and the FortiWeb-4000D, please register here for a free Webinar, event number 572 212 639.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”