What's new
FortiADC 6.1.0 offers the following new features:
Server Load Balance
SSL Proxy mode
Starting 6.1.0, all FortiADC models can be switched to a new SSL Proxy mode, which can act as a dedicated SSL proxy device to offer full SSL encryption/decryption solution. It provides the following functions:
- Full SSL proxy (decrypt & re-encrypt traffic); Support TLS 1.3
- Firewall Load Balancing
- Full visibility for the SSL traffic on HTTPS or TCPS, especially to other security devices for deep inspection (Inline, or mirror)
- High performance SSL offloading by dedicated SSL ASIC
- Easy deployment using wizard configuration
In order to move to SSL Proxy, you need to change the device mode (only supported in CLI):
execute ssli mode enable
HTTP/HTTPS explicit forward proxy
FortiADC explicit proxy provides a more secure way to control user access to the HTTP/HTTPS server. You can configure client browser proxy to point all the user requests to FortiADC's virtual server, then FortiADC forwards them to its back-end servers. For the SSL traffic, SSL tunnel will be established. This is a good solution for the deployment in which firewall has strict policy. You can set it to only trust FortiADC for web requests.
Application Automation
SAP Connector
Integrated in SAP system to replace SAP Web Dispatcher for better availability and security:
- Automatically sync configuration information from SAP Message Server
- Load balancing, proxy all incoming requests (HTTP and HTTPS) from clients to application server (AS) of SAP system
AWS (EKS) Connector
Integrated in Amazon Cloud:
- Automatically sync configuration information from EKS control plane (K8s)
- Support private/public IP address (In case VM is installed on AWS)
- Add a Dynamic Manual option to allow Load Balance on specific instance (configured on RS)
- Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to EKS servers
OCI (OKE) Connector
Integrated in Oracle Cloud:
-
Automatically sync configuration information from OKE control plane (K8s)
- Support private/public IP address (In case VM is installed on OCI)
- Add a Dynamic Manual option to allow LB on specific instance (configured on RS)
- Load Balancing, proxy all incoming requests (HTTP and HTTPS) from clients to OKE servers
Application Security
L7 FTP virtual server support Antivirus
FortiADC now scans upload/download files on L7 FTP virtual server to protect against the latest viruses, malware, spyware, and other threats.
Cookie Security - Support SameSite attribute
The SameSite attribute prevents the browser from sending this cookie along with cross-site requests, to mitigate the risk of cross-origin information leakage. It provides Strict, Lax, and None values for this attribute. The default value is Lax.
System
HA Enhancement
FortiADC now supports floating IPv6 address for HA-VRRP modes.
GUI and Visibility
FortiAnalyzer Connector
FortiAnalyzer Connector has been introduced to provide an easy way to send custom logs to FortiAnalyzer for real-time network Analytics and Log Management
FortiSIEM Connector
FortiSIEM Connector has been introduced to provide an easy way to send custom logs to FortiSIEM for Unified NOC and SOC Analytics.
GUI enhancements
The following enhancements are made in GUI:
- Redesigned Logging and FortiView
- License detail information is displayed when mouse hovering on dashboard license widget
- GUI table style is changed