FortiWeb Web Application Firewall Family Enhanced to Protect Confidential, Regulated Data

FortiWeb 4.0 MR2 firmware upgrade expands attack protection

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Fortinet, a network security and unified threat management (UTM) solutions provider, has issued a major firmware release for its FortiWeb Web application firewall family. FortiWeb appliances provide enterprises, application service providers, security-as-a-service (SaaS), and managed security service provider (MSSP) customers with significantly expanded security capabilities designed to harden and simplify protection of critical Web-based applications containing regulated and confidential data.

FortiWeb 4.0 MR2 firmware features include expanded attack protection schemes to help organizations more easily achieve and maintain compliance with Payment Card Industry Data Security Standards (PCI DSS 6.6) and help prevent identity theft, financial fraud, and corporate espionage associated with strategic Web applications.

The FortiWeb family of integrated Web application and XML firewall appliances delivers this specialized, layered application threat protection. These appliances are unique in consolidating Web application firewall, XML filtering, Web traffic acceleration, and application traffic balancing into a single device. Equipped with FortiWeb 4.0 MR2 firmware, FortiWeb appliances leverage techniques that provide bi-directional protection against sophisticated threats such as SQL injection and cross-site scripting.

A new Web Vulnerability Scanner is also provided as another layer of visibility to help detect existing vulnerabilities in specific Web applications. This capability is critical to help achieve and maintain compliance with the most current PCI DSS 6.5 and 6.6 specifications designed to secure Web applications that process, store, or transmit payment card data. These specifications require Web application firewalls and vulnerability assessment capabilities, both of which are provided by Fortinet in a single device.

With the new FortiWeb 4.0 MR2 firmware, FortiWeb appliances now have additional security and usability capabilities that include:

  • Robust protection against remote file inclusion attacks
  • File upload restrictions that now control which file types (jpg, exe, zip, etc.) can be uploaded to Web applications
  • Data loss prevention enhancements that enable customers to mask credit card numbers in server replies to prevent sensitive data leakage
  • Authentication of users via RADIUS servers
  • Scheduled and automatic FTP backups
  • A new import/export tool for specific security policies and the ability to automatically clone those policies

The FortiWeb 4.0 MR2 firmware release is available now. More information is available at
