FortiADC 5.4.0 offers the following new features:
Configure real server by FQDN
In some customer deployments, the real servers (RS) change their IP address due to autoscaling, upgrades, etc, which requires RS IP settings to be changed in RS pool accordingly.
This feature will support configuring FQDN for a real server. FAD will query the DNS server periodically and once the IP address changes, it will resolve the new IP address for this real server automatically.
Customizable authentication form for Form Based Authentication
Beyond the default authentication form, customers can also upload a user-defined login page for all the form-based authentications. Customers are able to define their own authentication portal.
Manage HTTP persistence via script
Customers can define any persistence rule to distribute real server via Lua script, no longer limited to the configurable persistence types.
New script commands added to set/read/dump persistence rules, and new events PERSISTENCE/POST_PERSIST.
Please refer to the latest script guide for an example.
HTTP 1.1 health check and user defined HTTP header fields
Customers can select HTTP version 1.0 or 1.1 for HTTP/HTTPS health checks and also send additional strings in HTTP headers.
LDAP health check
Support for detecting LDAP server health status.
More data type checks in input validation
Support regex type for parameter validation rule in addition to current length check.
Added predefined data types for customers to choose, including US zip code, US SSN, etc.
Allows customers to import OpenAPI documents (YAML or JSON format) to validate HTTP request headers, including servers validation, path validation, parameters validation, cookie validation, and request body validation.
Enhance search engine crawler in bot detection
Support bypass option for well-known search engines; it will not log events of these search engines' access.
Updated the latest search engines including Ask, Sogou and Tiktok.
OWASP-top10 Wizard policy
Create an OWASP-top-10 policy with a few clicks.
More information included in WAF log
Provide more detailed information about the attack event in the log, including signature example, attack defend suggestion etc.
- Firewall traffic logging support
OCSP configuration enhancement
OCSP configuration GUI redesign streamlines OCSP setup process.
- Support SafeNet Luna Network HSM 7
New platform 5000F
The high end platform FADC 5000F is released with 5.4.0. This 2U platform has 4 x 100G and 8 x 40G ports, and offers high performance for your data center (L4 up to 250Gbps, L7 HTTP up to 220G, SSL offloading up to 120Gbps). Supports 40G port breakout, splitting 40G port into 4 separate 10G ports.
Please refer to the latest datasheet for more information.
Cloud-init scripts support on AWS and VMware
Cloud-init is the industry standard start-up agent installed on virtual machines to facilitate cloud deployments. It will speed up the initialization of your FAD instance by passing user data like ssh keys and bash scripts.
- Cloud templates and autoscaling solution on AWS
Force default password change upon first-time login
In accordance with “California Privacy Law and Authentication Requirements", default passwords are no longer allowed.
New log maintaining strategy when log data size exceeds threshold
When log data size exceeds threshold, it will take some time to clear the old data in backend, which may cause CPU high usage. The new log table design clears old data faster.
OSPF Stub Area support: summary stub and no-summary stub
FAD can be placed in a stub area in order not to receive all routes from area 0.
- Removed Physical Topology page in FortiView
FortiView>Logic Topology page
Supports more filters, shows more information when you hover over a virtual server, etc.
FortiView>Vitual Server page
Shows all virtual servers by default; shows all real servers below when you click on the virtual servers row
- Added "Regex Test" tool on all configuration pages, which includes regex settings