Special notes
Suggestions
-
HSM doesn't support TLS v1.3. If the HSM certificate is used in VS, the TLS v1.3 handshake will fail.
Workaround: Uncheck the TLSv1.3 in the SSL profile if you're using the HSM certificate to avoid potential handshake failure. - The backup config file in versions 5.2.0-5.2.4/5.3.0-5.3.1 containing certificate config might not be restored properly (causing config to be lost). After upgrading to version 7.0.1, please discard the old 5.2.x/5.3.x config file and back up the config file in 7.0.1 again.
- Keep the old SSL version predefined config to ensure a smooth upgrade.
-
Since the v4.7.x release, FortiADC has introduced a parameter called
config-priotity
for HA configuration. It allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. Therefore, upon upgrading to FortiADC 4.7.x or higher, we strongly recommend that you use this option to manually set different HA configuration priority values on the HA nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior.When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.
The request-body-detection in the WAF web-attack-signature profile will be changed from "disable" to "enable" automatically after upgrading to FortiADC 5.4.0.
-
In version 6.2.0, the default mode of QAT SSL has been changed to polling.
-
To use the SRIOV feature, users must deploy a new VM.
-
Before downgrading from 7.0.1, ensure the new L7 TCP or L7 UDP application profiles are deleted or changed to a profile type that is supported in the downgrade version. Otherwise, this will cause the cmdb to crash.
-
When deploying the new GSLB based on FortiADC 7.0.0, the verify-CA function will be enabled by default.