FortiADC 6.0.0 offers the following new features:
Server Load Balance
- Kubernetes Connector (Ingress controller)
The FortiADC Kubernetes connector is a built-in FortiADC connector that syncs Kubernetes objects (service, node, pod) and updates them to the virtual server (VS) automatically.
Note: The K8s connector currently works with K8s Service API version 1 only. Support is not guaranteed for later versions.
- MSSQL load balance
Supports load balancing for MSSQL servers in scenarios where one primary replica and multiple secondary replicas are used. It allows FortiADC to forward read SQL requests (e.g. “select”) to multiple secondary servers and write requests to the primary server.
- NTLM authentication
NTLM is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. This authentication mechanism allows clients to access resources using their Windows credentials, and is typically used within corporate environments to provide single sign-on functionality to intranet sites.
- HTTP Form based authentication with FortiToken cloud
FortiToken Cloud offers two-factor authentication as a service to Fortinet customers. This feature supports authentication with FortiToken Cloud for HTTP virtual server access.
- Error page enhancement
Supports more status codes for the error page (in addition to 502), so the error page can now be used for any error.
- TLS1.3 enhancement
Updates the TLS1.3 cipher list and adds more configuration checks for TLS1.3 settings.
- Keep client address for L7 DNS virtual server
In some deployments, the backend real server requires the original client address for security/audit reasons. With this feature, FortiADC can keep the client address unchanged when forwarding the DNS request to the real server.
- CAPTCHA action support for WAF and DDoS
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge–response test used to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites. It can be used in the WAF and DDoS modules as a new action.
- API security gateway
This feature provides an API gateway for backend API services. It performs essential checks on API requests, such as user authentication, rate limiting, source IP limiting, request method/header limiting, and header attaching, to mitigate attacks on backend API services.
- HTTP headers security
Some HTTP headers are designed to provide another layer of security to mitigate web attacks and security vulnerabilities. This feature allows FortiADC to attach these HTTP security headers while forwarding HTTP traffic. These HTTP security headers include content-security-policy, x-xss-protection, HTTP strict-transport-security (HSTS), x-frame-options, and x-content-type-options.
- Support X-HTTP-Method-Override in Request Method Rule
Some attacks use a trusted HTTP method such as GET or POST but add HTTP headers such as X-HTTP-Method, X-HTTP-Method-Override, or X-Method-Override to bypass the HTTP method restriction rules applied by FortiADC. This feature allows FortiADC to check these HTTP headers while checking HTTP method rules to prevent such bypasses.
- Fabric Connector
The new Security Fabric provides a visionary approach to integrating internal and external security connectors, including Central Manager, FortiSandbox, and FortiGSLB.
- External Connector
FortiADC offers external connectors for third-party applications.
The following external connector categories are available in the Security Fabric: Private SDN and Authentication.
- Splunk App
Splunk App is an application that runs on the Splunk platform to analyze and display information from the collected log data.
For FortiADC, customers configure the Splunk Connector to connect to the Splunk Server, and then get all the customized graphs from the Splunk App.
- FortiToken Cloud support for administrator
FortiADC provides administrator login management with FortiToken Cloud as two-factor authentication.
- Add secure flag when using HTTPS to access ADC to avoid cookie leaking
Security enhancement: enabling the secure flag in HTTPS responses prevents the authentication cookie from leaking to HTTP connections. Added an https-redirect option to redirect all HTTP connections to HTTPS, enabled by default.
- HA MAC address changes to management interface MAC
We allow customers to configure a different virtual MAC for the HA interface, which previously may have caused MAC issues on the peer switch. To avoid these issues, we reuse the MAC of the physical interface.
- Upgrade FortiGuard authentication method to be more secure
- New FortiGate-like theme
- More cohesive information in FortiView
Shows all statistics for the real servers of a virtual server in one form.
Shows all the values of each real server of each virtual server, without using the graph.
- WAF pages enhancement
WAF profile and signature pages redesign
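
The "Support X-HTTP-Method-Override in Request Method Rule" item above describes checking override headers alongside the request-line method. The following is an added illustration of that kind of check, not FortiADC code; the function names, the allowed-method list and the sample requests are hypothetical, and only the three header names come from the release note.

```python
# Added illustration, not FortiADC code. The three header names are the ones
# listed in the release note; everything else here is hypothetical.
OVERRIDE_HEADERS = {"x-http-method", "x-http-method-override", "x-method-override"}


def effective_methods(method, headers):
    """Return the request-line method plus every method named in an override header.

    `headers` is a list of (name, value) pairs so repeated headers are preserved.
    """
    methods = [method.strip().upper()]
    for name, value in headers:
        if name.strip().lower() in OVERRIDE_HEADERS:
            # A header may be repeated or carry a comma-joined value; check each token.
            methods.extend(t.strip().upper() for t in value.split(",") if t.strip())
    return methods


def naive_method_rule(method, headers, allowed):
    """Request-line-only check: the behaviour the override headers slip past."""
    return method.strip().upper() in {m.upper() for m in allowed}


def method_rule(method, headers, allowed):
    """Allow only if the request-line method and all overrides are permitted.

    Returns (allowed?, list of methods that violated the rule).
    """
    permitted = {m.upper() for m in allowed}
    violations = [m for m in effective_methods(method, headers) if m not in permitted]
    return (not violations, violations)


# Constructed sample requests.
ALLOWED = ["GET", "POST"]
SAMPLES = [
    ("GET", [("Host", "api.example.test")]),
    ("POST", [("Host", "api.example.test"), ("X-HTTP-Method-Override", "DELETE")]),
    ("post", [("x-method-override", "put"), ("X-HTTP-Method", "GET")]),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, naive_method_rule(method, headers, ALLOWED),
              method_rule(method, headers, ALLOWED))
```

The second and third samples pass the request-line-only check but are rejected once the override headers are evaluated against the same rule.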