Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

What's new

FortiADC 6.1.0 offers the following new features:

Server Load Balance

SSL Proxy mode

Starting 6.1.0, all FortiADC models can be switched to a new SSL Proxy mode, which can act as a dedicated SSL proxy device to offer full SSL encryption/decryption solution. It provides the following functions:

  • Full SSL proxy (decrypt & re-encrypt traffic); Support TLS 1.3
  • Firewall Load Balancing
  • Full visibility for the SSL traffic on HTTPS or TCPS, especially to other security devices for deep inspection (Inline, or mirror)
  • High performance SSL offloading by dedicated SSL ASIC
  • Easy deployment using wizard configuration

In order to move to SSL Proxy, you need to change the device mode (only supported in CLI):

execute ssli mode enable

HTTP/HTTPS explicit forward proxy

FortiADC explicit proxy provides a more secure way to control user access to the HTTP/HTTPS server. You can configure client browser proxy to point all the user requests to FortiADC's virtual server, then FortiADC forwards them to its back-end servers. For the SSL traffic, SSL tunnel will be established. This is a good solution for the deployment in which firewall has strict policy. You can set it to only trust FortiADC for web requests.

Application Automation

SAP Connector

Integrated in SAP system to replace SAP Web Dispatcher for better availability and security:

  • Automatically sync configuration information from SAP Message Server
  • Load balancing, proxy all incoming requests (HTTP and HTTPS) from clients to application server (AS) of SAP system
AWS (EKS) Connector

Integrated in Amazon Cloud:

  • Automatically sync configuration information from EKS control plane (K8s)
  • Support private/public IP address (In case VM is installed on AWS)
  • Add a Dynamic Manual option to allow Load Balance on specific instance (configured on RS)
  • Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to EKS servers
OCI (OKE) Connector

Integrated in Oracle Cloud:

  • Automatically sync configuration information from OKE control plane (K8s)

  • Support private/public IP address (In case VM is installed on OCI)
  • Add a Dynamic Manual option to allow LB on specific instance (configured on RS)
  • Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to OKE servers

Application Security

L7 FTP virtual server support Antivirus

FortiADC now scans upload/download files on L7 FTP virtual server to protect against the latest viruses, malware, spyware, and other threats.

Cookie Security - Support SameSite attribute

The SameSite attribute prevents the browser from sending this cookie along with cross-site requests, to mitigate the risk of cross-origin information leakage. It provides Strict, Lax, and None values for this attribute. The default value is Lax.

System

HA Enhancement

FortiADC now supports floating IPv6 address for HA-VRRP modes.

 

GUI and Visibility

FortiAnalyzer Connector

FortiAnalyzer Connector has been introduced to provide an easy way to send custom logs to FortiAnalyzer for real-time network Analytics and Log Management

FortiSIEM Connector

FortiSIEM Connector has been introduced to provide an easy way to send custom logs to FortiSIEM for Unified NOC and SOC Analytics.

GUI enhancements

The following enhancements are made in GUI:

  • Redesigned Logging and FortiView
  • License detail information is displayed when mouse hovering on dashboard license widget
  • GUI table style is changed

What's new

FortiADC 6.1.0 offers the following new features:

Server Load Balance

SSL Proxy mode

Starting 6.1.0, all FortiADC models can be switched to a new SSL Proxy mode, which can act as a dedicated SSL proxy device to offer full SSL encryption/decryption solution. It provides the following functions:

  • Full SSL proxy (decrypt & re-encrypt traffic); Support TLS 1.3
  • Firewall Load Balancing
  • Full visibility for the SSL traffic on HTTPS or TCPS, especially to other security devices for deep inspection (Inline, or mirror)
  • High performance SSL offloading by dedicated SSL ASIC
  • Easy deployment using wizard configuration

In order to move to SSL Proxy, you need to change the device mode (only supported in CLI):

execute ssli mode enable

HTTP/HTTPS explicit forward proxy

FortiADC explicit proxy provides a more secure way to control user access to the HTTP/HTTPS server. You can configure client browser proxy to point all the user requests to FortiADC's virtual server, then FortiADC forwards them to its back-end servers. For the SSL traffic, SSL tunnel will be established. This is a good solution for the deployment in which firewall has strict policy. You can set it to only trust FortiADC for web requests.

Application Automation

SAP Connector

Integrated in SAP system to replace SAP Web Dispatcher for better availability and security:

  • Automatically sync configuration information from SAP Message Server
  • Load balancing, proxy all incoming requests (HTTP and HTTPS) from clients to application server (AS) of SAP system
AWS (EKS) Connector

Integrated in Amazon Cloud:

  • Automatically sync configuration information from EKS control plane (K8s)
  • Support private/public IP address (In case VM is installed on AWS)
  • Add a Dynamic Manual option to allow Load Balance on specific instance (configured on RS)
  • Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to EKS servers
OCI (OKE) Connector

Integrated in Oracle Cloud:

  • Automatically sync configuration information from OKE control plane (K8s)

  • Support private/public IP address (In case VM is installed on OCI)
  • Add a Dynamic Manual option to allow LB on specific instance (configured on RS)
  • Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to OKE servers

Application Security

L7 FTP virtual server support Antivirus

FortiADC now scans upload/download files on L7 FTP virtual server to protect against the latest viruses, malware, spyware, and other threats.

Cookie Security - Support SameSite attribute

The SameSite attribute prevents the browser from sending this cookie along with cross-site requests, to mitigate the risk of cross-origin information leakage. It provides Strict, Lax, and None values for this attribute. The default value is Lax.

System

HA Enhancement

FortiADC now supports floating IPv6 address for HA-VRRP modes.

 

GUI and Visibility

FortiAnalyzer Connector

FortiAnalyzer Connector has been introduced to provide an easy way to send custom logs to FortiAnalyzer for real-time network Analytics and Log Management

FortiSIEM Connector

FortiSIEM Connector has been introduced to provide an easy way to send custom logs to FortiSIEM for Unified NOC and SOC Analytics.

GUI enhancements

The following enhancements are made in GUI:

  • Redesigned Logging and FortiView
  • License detail information is displayed when mouse hovering on dashboard license widget
  • GUI table style is changed