Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

What's new

FortiADC 6.2.0 offers the following new features:

Load Balance

OAuth 2.0 support

Open Authorization (OAuth) 2.0 is an authorization framework that enables applications to obtain limited access to HTTP services on behalf of a user. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2.0 provides authorization flows for web and desktop applications, and mobile devices.

FortiADC will only be supporting OAuth 2.0 which is the most widely used form of OAuth. There will be no backwards compatibility between OAuth 1.0 and OAuth 2.0 as their specifications are so different that they cannot be used together.

CAMELLIA Encryption Algorithm

New SSL ciphers have been added in the Client SSL profile and Server SSL profile:

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA256-SHA

New scripts to support WAF events and commands

A new set of Lua scripts have been added to manage WAF related events and actions. These scripts support functionalities that include enabling/disabling the WAF function, watching an event when the WAF scan starts or an attack is detected, and other custom actions.

Health check monitoring with continuous mode

The health check monitoring functionality has been enhanced to allow more settings to monitor the check and to display more information for the check results.

Security

WAF enhancement

The following enhancements have been made for the WAF:

  • Brute force protection support for offloading authentication

  • Cookie security support for cookies generated by FortiADC

Web Vulnerability Scanner integration with third-party report

FortiADC now supports integrations with third-party vendor scanner reports, including FortiWeb, Acunetix, IBM Appscan ,Whitehat, HP Webinspect ,QualysGuard, Telefonica FAAST, ImmuniWeb reports.

Web Vulnerability Scanner auto policy

You can now generate WAF policies based on FortiADC scan reports or third-party integrated reports. Users can modify the policy as needed and submit it to the virtual server to apply directly.

System

New platform 220F support

FortiADC 6.2.0 now supports the FortiADC 220F platform. For more information, please refer to the latest FortiADC datasheet.

Trust IP list to limit the access to management service for the interface

Currently, FortiADC supports allowaccess to allow/deny access to the interface management service. With the new Trust IP list feature, you will have more granular control over which IP addresses may be granted access to the interface management service.

HA pair on Azure using ARM templates

FortiADC is introducing a solution for HA on Azure that can eliminate the issue caused by time-consuming IP transfers in the event of HA failovers. Please refer to the new Azure deployment guide for the new HA setup on Azure.

Transfer files between HA devices

Use the new CLI command execute ha force transfer-file <file-name> <node-id> to sync files between HA devices. This could be used to get debug files on the backup device from the master when the backup device is not accessible in some situations.

Pre-login banner support for WebUI, Console and SSH login

You can now customized banner messages to show prior to login through WebUI, console and SSH.

New VM subscription license

Two new SKUs for VM subscription license support has been added, including the Standard Bundle and Advanced Bundle license.

VDOM link for inter-VDOM traffic

FortiADC now supports inter-VDOM routing setups that allow the traffic to be sent between VDOMs without additional physical interfaces that was previously required for multiple VDOM setups. At this time, inter-VDOM routing is only available for these classic scenarios: static route, PBR, L4 SLB, L7 SLB and NAT. It is currently not supported in IPv6 related configurations.

Factory reset command enhancement to keep VDOM, interface, and static route settings

Currently, performing a factory reset would clear all settings on the devices entirely which may not be ideal for some users who need to keep basic networking settings. For this, FortiADC has added a new alternative factory reset command that will allow users to clear all configurations but keep the settings for VDOM, interface, and static route.

Support -f option for grepping CLI output

You can now filter for the string in CLI configurations.

For example:

# show full-configuration | grep –f 10.0.0.1

This will show all entries with the IP 10.0.0.1

GUI

Redesign of the select checkbox for all tables

The select checkbox column has been removed for all tables. Now you can make your selection by clicking the row, or press Ctrl+Shift to select multiple rows.

What's new

FortiADC 6.2.0 offers the following new features:

Load Balance

OAuth 2.0 support

Open Authorization (OAuth) 2.0 is an authorization framework that enables applications to obtain limited access to HTTP services on behalf of a user. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2.0 provides authorization flows for web and desktop applications, and mobile devices.

FortiADC will only be supporting OAuth 2.0 which is the most widely used form of OAuth. There will be no backwards compatibility between OAuth 1.0 and OAuth 2.0 as their specifications are so different that they cannot be used together.

CAMELLIA Encryption Algorithm

New SSL ciphers have been added in the Client SSL profile and Server SSL profile:

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA256-SHA

New scripts to support WAF events and commands

A new set of Lua scripts have been added to manage WAF related events and actions. These scripts support functionalities that include enabling/disabling the WAF function, watching an event when the WAF scan starts or an attack is detected, and other custom actions.

Health check monitoring with continuous mode

The health check monitoring functionality has been enhanced to allow more settings to monitor the check and to display more information for the check results.

Security

WAF enhancement

The following enhancements have been made for the WAF:

  • Brute force protection support for offloading authentication

  • Cookie security support for cookies generated by FortiADC

Web Vulnerability Scanner integration with third-party report

FortiADC now supports integrations with third-party vendor scanner reports, including FortiWeb, Acunetix, IBM Appscan ,Whitehat, HP Webinspect ,QualysGuard, Telefonica FAAST, ImmuniWeb reports.

Web Vulnerability Scanner auto policy

You can now generate WAF policies based on FortiADC scan reports or third-party integrated reports. Users can modify the policy as needed and submit it to the virtual server to apply directly.

System

New platform 220F support

FortiADC 6.2.0 now supports the FortiADC 220F platform. For more information, please refer to the latest FortiADC datasheet.

Trust IP list to limit the access to management service for the interface

Currently, FortiADC supports allowaccess to allow/deny access to the interface management service. With the new Trust IP list feature, you will have more granular control over which IP addresses may be granted access to the interface management service.

HA pair on Azure using ARM templates

FortiADC is introducing a solution for HA on Azure that can eliminate the issue caused by time-consuming IP transfers in the event of HA failovers. Please refer to the new Azure deployment guide for the new HA setup on Azure.

Transfer files between HA devices

Use the new CLI command execute ha force transfer-file <file-name> <node-id> to sync files between HA devices. This could be used to get debug files on the backup device from the master when the backup device is not accessible in some situations.

Pre-login banner support for WebUI, Console and SSH login

You can now customized banner messages to show prior to login through WebUI, console and SSH.

New VM subscription license

Two new SKUs for VM subscription license support has been added, including the Standard Bundle and Advanced Bundle license.

VDOM link for inter-VDOM traffic

FortiADC now supports inter-VDOM routing setups that allow the traffic to be sent between VDOMs without additional physical interfaces that was previously required for multiple VDOM setups. At this time, inter-VDOM routing is only available for these classic scenarios: static route, PBR, L4 SLB, L7 SLB and NAT. It is currently not supported in IPv6 related configurations.

Factory reset command enhancement to keep VDOM, interface, and static route settings

Currently, performing a factory reset would clear all settings on the devices entirely which may not be ideal for some users who need to keep basic networking settings. For this, FortiADC has added a new alternative factory reset command that will allow users to clear all configurations but keep the settings for VDOM, interface, and static route.

Support -f option for grepping CLI output

You can now filter for the string in CLI configurations.

For example:

# show full-configuration | grep –f 10.0.0.1

This will show all entries with the IP 10.0.0.1

GUI

Redesign of the select checkbox for all tables

The select checkbox column has been removed for all tables. Now you can make your selection by clicking the row, or press Ctrl+Shift to select multiple rows.