B&B Bezpieczeństwo w biznesie

Fortinet FortiWeb 7.4.1

The latest FortiWeb release, version 7.4.1, is now available and brings a number of new features. The update introduces Machine Learning based API protection, GraphQL protection, and XSW detection (XSW being a technique that lets a malicious client manipulate or forge a digitally signed document without invalidating the signature it contains). Several notable changes also affect logging: an IP conflict notification has been added, along with a log type setting for storing or sending logs. More details are presented below.

Supported models:

Supported Hardware:

  • FortiWeb 100D
  • FortiWeb 400C
  • FortiWeb 400D
  • FortiWeb 400E
  • FortiWeb 600D
  • FortiWeb 600E
  • FortiWeb 1000D
  • FortiWeb 1000E
  • FortiWeb 2000E
  • FortiWeb 3000D/3000DFsx
  • FortiWeb 3000E
  • FortiWeb 3010E
  • FortiWeb 4000D
  • FortiWeb 4000E
  • FortiWeb 100E
  • FortiWeb 1000F
  • FortiWeb 2000F
  • FortiWeb 3000F
  • FortiWeb 4000F

Supported Hypervisor Versions:

  • VMware vSphere Hypervisor ESX/ESXi 4.0/4.1/5.0/5.1/5.5/6.0/6.5/6.7/7.0/8.0.2
  • Citrix XenServer 6.2/6.5/7.1
  • Open source Xen Project (Hypervisor) 4.9 and higher versions
  • Microsoft Hyper-V (version 6.2 or higher, running on Windows 8 or higher, or Windows Server 2012/2016/2019/2022)
  • KVM (Linux kernel 2.6, 3.0, or 3.1)
  • OpenStack Wallaby
  • Docker Engine CE 18.09.1 or higher versions, and the equivalent Docker Engine EE versions; Ubuntu 18.04.1 LTS or higher versions
  • Nutanix AHV

FortiWeb is tested and proven to work on the hypervisor versions listed above. Later hypervisor releases may work but have not been tested yet.

For high performance, deploy FortiWeb-VM on machine types with at least 2 vCPUs and more than 8 GB of memory.

Supported Cloud Platforms:

  • AWS (Amazon Web Services)
  • Microsoft Azure
  • Google Cloud
  • OCI (Oracle Cloud Infrastructure)
  • Alibaba Cloud


What's new:

  • ML based API Protection – Schema and Threat Protection
    A new protection layer called "Threat Protection" has been added to the ML based API Protection module. It learns parameter value patterns from API request bodies and builds mathematical models to screen out abnormal requests that are deemed malicious.
  • GraphQL Protection
    Protection for GraphQL is introduced in this release. It safeguards GraphQL APIs from malicious queries, signature attacks, and excessive resource consumption, ensuring their secure and efficient operation.
  • Waiting Room
    A new Waiting Room capability is introduced in this release under Application Delivery. It controls visitor traffic using a virtual holding space and a First-In/First-Out queuing system.
  • XSW detection
    FortiWeb can now detect XML Signature Wrapping (XSW), a technique that enables a malicious client to manipulate or forge a digitally signed document without invalidating the included signature.
  • DTD validation for XML requests
    FortiWeb now supports using a Document Type Definition (DTD) file to establish restrictions for XML requests.
  • External IP Address Auto-Retrieval
    In IP Protection > IP List, you now have the option not only to manually specify IP addresses to trust or block, but also to configure the system to automatically retrieve the IP list from an external HTTP/HTTPS server.
  • Signature Enhancements
    Hyperscan can now be used to identify personally identifiable information within the response body. To use this feature, enable personally-identifiable-information-hyperscan-mode in config waf signature. Additionally, the signature details now include information about the main category, sub-category, and sensitivity level.
  • Biometric-based bot detection enhancements
    Biometric-based bot detection has been refined to improve the accuracy of trait collection and of URL record logging in attack logs. Traits are now weighted more effectively, improving the efficiency of bot screening while minimizing false positives.
  • reCAPTCHA v3 support
    reCAPTCHA v3 has been integrated into FortiWeb for bot confirmation. It returns a score for each request without user friction, offering more flexible configuration and a user-friendly experience.
  • HTTP/2 RST Stream check in HTTP Protocol Constraints
    Checking for HTTP/2 RST_STREAM occurrences and their frequency within an HTTP/2 connection is now supported. To set this up, go to Web Protection > Protocol > HTTP > HTTP Protocol Constraints and find the HTTP Request items.
  • Permissions-Policy in HTTP Header Security
    The Feature-Policy header has been updated to Permissions-Policy in alignment with the industry standard. Upgrading takes a single click, and syntax errors can be easily validated.
  • Multiple SAML servers in Site Publish
    Previously, FortiWeb supported only a single SAML server in Site Publish. It now accommodates multiple SAML servers.
  • Cached items search enhancement
    In Application Delivery > Caching, you can now list all cached items associated with a specified URL. Furthermore, you can narrow the search by applying keywords to filter the results.
  • IP Conflict prompt in event log
    If the IP addresses configured on the FortiWeb (including VIP or network interface IP addresses) conflict with the IP addresses of other devices in the same subnet, an IP conflict event is recorded in the event log, for instance: msg="Detect MAC address 08:35:71:fb:f4:cc claims to have our IP 13.0.0.1".
  • Log type setting for storing or sending logs
    You can now choose your preferred log types in Log & Report > Log Config > Global Log Settings. This lets you select one or more of the three log types (attack log, event log, traffic log) for local storage or for forwarding to external log servers.
  • Email attachments compression in Email Policy
    This release reinstates email attachment compression for the alert email policy. With compression enabled, event logs and alerts are attached to emails in ZIP format; otherwise, they are attached in TXT format.
  • HTTP/2 window size limit raised
    It is now possible to customize the window size, i.e. the amount of data in bytes that FortiWeb is willing to receive at any given time, for both the server and client sides of HTTP/2 connections. The valid range is 65,535-2,147,483,647 bytes.
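The XSW detection described above comes down to one question: is the element the signature actually covers the same element the application will trust? The Python check below is an added example, not FortiWeb code and not from this post. It parses a document with an enveloped XML Signature, resolves each Reference URI to its ID, and reports the classic wrapping symptoms (duplicate IDs, a Signature that no longer sits inside the element it signs, and a consumed element that is not the signed one). The token format, the namespace urn:example:tokens and both sample documents are constructed for the example; real signature verification is a separate step this check does not replace.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"   # XML Signature namespace, Clark notation
ID_ATTRS = ("ID", "Id", "id")                 # attribute names commonly used as signed-element IDs

def xsw_findings(xml_text: str, consumed_tag: str) -> list[str]:
    """Report XML Signature Wrapping symptoms in a document with an enveloped signature.
    consumed_tag is the namespaced tag the application trusts (the element it reads
    claims from). An empty list means the signature is bound to the element in use."""
    root = ET.fromstring(xml_text)
    parent_of = {child: p for p in root.iter() for child in p}   # ET keeps no parent links
    consumed = next(root.iter(consumed_tag), None)               # first match in document order
    findings: list[str] = []
    for sig in root.iter(DS + "Signature"):
        for ref in sig.iter(DS + "Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                findings.append(f"reference {uri!r} is not a same-document ID reference")
                continue
            target = uri[1:]
            matches = [e for e in root.iter() if any(e.get(a) == target for a in ID_ATTRS)]
            if len(matches) != 1:        # duplicated IDs let a forged copy shadow the signed one
                findings.append(f"{len(matches)} elements carry ID {target!r}, expected exactly 1")
                continue
            signed = matches[0]
            if parent_of.get(sig) is not signed:   # enveloped: Signature must sit inside the signed element
                findings.append(f"Signature is not a child of the element it signs ({target!r})")
            if consumed is not signed:             # the element being trusted is not the one signed
                findings.append(f"element the application consumes is not the signed one ({target!r})")
    return findings

NS = "urn:example:tokens"          # constructed namespace for the sample token format
TOKEN_TAG = "{" + NS + "}Assertion"
# Constructed benign document: the signed Assertion is the first (and only) one.
BENIGN = (f'<Response xmlns="{NS}"><Assertion ID="a1"><Subject>alice</Subject>'
          f'<Signature xmlns="{DS[1:-1]}"><SignedInfo><Reference URI="#a1"/>'
          '</SignedInfo></Signature></Assertion></Response>')
# Constructed wrapped document: an unsigned Assertion sits where the application
# reads, while the still-valid signed Assertion has been moved under Extensions.
WRAPPED = (f'<Response xmlns="{NS}"><Assertion ID="a2"><Subject>admin</Subject></Assertion>'
           f'<Extensions><Assertion ID="a1"><Subject>alice</Subject>'
           f'<Signature xmlns="{DS[1:-1]}"><SignedInfo><Reference URI="#a1"/>'
           '</SignedInfo></Signature></Assertion></Extensions></Response>')

if __name__ == "__main__":
    print("benign :", xsw_findings(BENIGN, TOKEN_TAG))    # []
    print("wrapped:", xsw_findings(WRAPPED, TOKEN_TAG))   # one finding
```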
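The Feature-Policy to Permissions-Policy upgrade and the syntax validation mentioned above can be reproduced outside the appliance, which is useful when checking what the backend currently sends. The Python converter below is an added example, not part of FortiWeb or of this post: it parses a legacy Feature-Policy header value, validates feature names and origins, and emits the Permissions-Policy structured-field dictionary form, raising PolicySyntaxError on malformed input. The sample header values are constructed.

```python
import re
from urllib.parse import urlsplit

_FEATURE_RE = re.compile(r"^[a-z][a-z0-9-]*$")   # directive names are lowercase tokens
_KEYWORDS = {"'self'": "self"}                   # Feature-Policy keyword -> Permissions-Policy token

class PolicySyntaxError(ValueError):
    """Raised when the legacy header value cannot be parsed or converted."""

def parse_feature_policy(header: str) -> dict[str, list[str]]:
    """Parse 'feature allow...; feature allow...' into {feature: [allowlist items]}."""
    policy: dict[str, list[str]] = {}
    for directive in (d.strip() for d in header.split(";")):
        if not directive:
            continue                                 # tolerate a trailing ';'
        name, *allow = directive.split()
        if not _FEATURE_RE.match(name):
            raise PolicySyntaxError(f"invalid feature name {name!r}")
        if name in policy:
            raise PolicySyntaxError(f"feature {name!r} listed twice")
        policy[name] = allow
    return policy

def _is_origin(value: str) -> bool:
    """Accept only a serialized origin: scheme://host[:port], no path, query or fragment."""
    u = urlsplit(value)
    return (u.scheme in ("http", "https") and bool(u.hostname)
            and u.path in ("", "/") and not u.query and not u.fragment)

def to_permissions_policy(header: str) -> str:
    """Convert a Feature-Policy value to the Permissions-Policy dictionary syntax."""
    parts = []
    for name, allow in parse_feature_policy(header).items():
        if "*" in allow:
            parts.append(f"{name}=*")                # wildcard allows every origin
        elif not allow or allow == ["'none'"]:
            parts.append(f"{name}=()")               # empty allowlist disables the feature
        else:
            members = []
            for item in allow:
                if item in _KEYWORDS:
                    members.append(_KEYWORDS[item])
                elif _is_origin(item):
                    members.append(f'"{item}"')     # origins become quoted strings
                else:
                    raise PolicySyntaxError(f"{name}: {item!r} is neither a keyword nor an origin")
            parts.append(f"{name}=({' '.join(members)})")
    return ", ".join(parts)

# Constructed sample: a legacy header value as a site might still send it.
LEGACY = "geolocation 'self' https://maps.example.net; camera 'none'; fullscreen *"

if __name__ == "__main__":
    print(to_permissions_policy(LEGACY))
    # geolocation=(self "https://maps.example.net"), camera=(), fullscreen=*
```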

Resolved issues:

Bug ID Description
0967153 When the API GET request doesn’t have mkey, a response 500 error will be returned. More details should be included in the response message.
0965426 Certain file extensions are not supported in File Security Rule > Predefined File Types.
0964800 On the FortiWeb 100E Gen1 unit, running diagnose hardware check all correctly detects the memory but gets stuck when printing it.
0964467 RADIUS admin groups can't have more than one name, which causes login to not work as expected in certain situations.
0961514 Configuration loss occurs after upgrading from 7.2.0 to 7.2.5.
0961043 It’s not supported to configure Max Concurrent Streams to rate limit potential HTTP2 RST-Stream attacks.
0960616 Username filter in Attack Logs does not work as expected.
0960277 The proxyd crash occurs. Applications randomly become intermittently inaccessible.
0960016 The proxyd hits 100% and many websites are down when a large number of content routing rules are configured in each server policy.
0958360 Too many health check alerts are generated for Server Health.
0958232 The system sends illegal HTTP requests to back-end servers.
0957398 The .apk extension is not available for use under Input Validation > File Security.
0956532 Unable to register FortiWeb VM running on Azure into FortiAnalyzer.
0955391 High CPU usage.
0954061 The SR-IOV network cards on KVM do not work in 7.x.x versions.
0952693 Can’t filter out the „x509 Certificate” related subjects in traffic logs and attack logs.
0951426 File type cannot be detected when the file name has a carriage return in multiform/multipart requests.
0950749 The console shows some errors after the upgrade.
0949584 The ReCaptcha page is not automatically resized on mobile devices.
0948605 Log files are not created on the log disk.
0948591 OKTA MFA integration with GUI login doesn’t work.
0948568 Subsequent traffic from a blocked IP based on XFF header content is allowed.
0948538 Unstable fuzzy-disable-list scripts in a Web Shell Detection policy.
0947250 The proxyd crashes in ml_api_cloud_get_url_model_id.
0946824 The proxyd crashes on websocket_info_clean.
0946507 Cannot enter "?" in the reg-exp using CLI.
0946438 Newly imported certificate does not trigger an event log with cert-expiry details.
0944805 FortiView Threat Map does not show any attacks from the last hour.
0944634 Videos fail to load when HTTP/2 is enabled.
0943027 Application traffic interruption caused by a proxyd issue.
0942110 The secondary device is unreachable when HA is established.
0941239 Blank page after successful login from a remote server.
0939384 Multiple VIPs with the same IP are allowed to be created in ADOM.
0938092 Proxy Crashes.
0936408 Unable to automatically register FortiWeb license in Azure deployment.
0936030 Internal server error in dashboard in Client Management.
0935465 Firewall admin-policy does not work with TCP port 8 and 43.
0935444 Interface secondary IP and VIP (ip_src_balance) does not work in 7.2.2.
0934944 FortiWeb GUI incorrectly displays the default certificate.
0934539 AWS SDN Connector unable to retrieve the Private subnet IP.
0931263 Log hard disk database status changes to unavailable.
0929895 Traffic is interrupted unexpectedly.
0929806 The read-only administrator can see passwords’ hashes in CLI.
0929539 Lua scripting for HTTP response code: if there are two consecutive requests within one connection and the first one triggers http:collect(), this collection function will be revoked regardless of whether http:collect() is revoked.
0926053 Secondary radius IP address flooded with failed requests following its configuration.
0924691 Add date/time filter in attack log – focus goes to the wrong field.
0924609 Unexpected proxyd crashes.
0919967 Custom Port not in 'LISTEN' on Backup unit in Active-Active HV cluster.
0901939 'Heard & Mcdonald Islands' is not listed in GEO IP.
0855594 Scans detecting vulnerable versions of AngularJS and jQuery.
Vendor release notes: FortiMail 7.4.1

Best regards,

The B&B team
Bezpieczeństwo w biznesie
