FortiADC 6.1.0 offers the following new features:
Starting 6.1.0, all FortiADC models can be switched to a new SSL Proxy mode, which can act as a dedicated SSL proxy device to offer full SSL encryption/decryption solution. It provides the following functions:
- Full SSL proxy (decrypt & re-encrypt traffic); Support TLS 1.3
- Firewall Load Balancing
- Full visibility for the SSL traffic on HTTPS or TCPS, especially to other security devices for deep inspection (Inline, or mirror)
- High performance SSL offloading by dedicated SSL ASIC
- Easy deployment using wizard configuration
In order to move to SSL Proxy, you need to change the device mode (only supported in CLI):
execute ssli mode enable
FortiADC explicit proxy provides a more secure way to control user access to the HTTP/HTTPS server. You can configure client browser proxy to point all the user requests to FortiADC's virtual server, then FortiADC forwards them to its back-end servers. For the SSL traffic, SSL tunnel will be established. This is a good solution for the deployment in which firewall has strict policy. You can set it to only trust FortiADC for web requests.
Integrated in SAP system to replace SAP Web Dispatcher for better availability and security:
- Automatically sync configuration information from SAP Message Server
- Load balancing, proxy all incoming requests (HTTP and HTTPS) from clients to application server (AS) of SAP system
Integrated in Amazon Cloud:
- Automatically sync configuration information from EKS control plane (K8s)
- Support private/public IP address (In case VM is installed on AWS)
- Add a Dynamic Manual option to allow Load Balance on specific instance (configured on RS)
- Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to EKS servers
Integrated in Oracle Cloud:
Automatically sync configuration information from OKE control plane (K8s)
- Support private/public IP address (In case VM is installed on OCI)
- Add a Dynamic Manual option to allow LB on specific instance (configured on RS)
- Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to OKE servers
FortiADC now scans upload/download files on L7 FTP virtual server to protect against the latest viruses, malware, spyware, and other threats.
The SameSite attribute prevents the browser from sending this cookie along with cross-site requests, to mitigate the risk of cross-origin information leakage. It provides Strict, Lax, and None values for this attribute. The default value is Lax.
FortiADC now supports floating IPv6 address for HA-VRRP modes.
FortiAnalyzer Connector has been introduced to provide an easy way to send custom logs to FortiAnalyzer for real-time network Analytics and Log Management
FortiSIEM Connector has been introduced to provide an easy way to send custom logs to FortiSIEM for Unified NOC and SOC Analytics.
The following enhancements are made in GUI:
- Redesigned Logging and FortiView
- License detail information is displayed when mouse hovering on dashboard license widget
- GUI table style is changed