Fortinet black logo

Handbook

Home FortiADC 7.4.2 Handbook
7.4.2
7.4.3
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.1.4
7.1.3
7.1.2
7.1.1
7.1.0
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.0.1
6.0.0
5.4.3
5.4.2
5.4.1
5.4.0
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.1
5.3.0
5.2.7

What's New

What’s New

New FortiADC License Bundles

FortiADC now offers 3 new license bundle options designed to revolutionize your Application Delivery security posture:

Network Security

Fortify your infrastructure against any network threats with advanced networking security features. This bundle ensures robust protection, minimizes vulnerabilities, and safeguards your network integrity. The Network Security Bundle includes IP Reputation and GeoIP, FortiGuard AntiVirus, and Intrusion Prevention features.

Application Security

Shield your applications from potential attacks with the comprehensive Application Security Bundle. Benefit from tailored defenses against application-specific threats, ensuring your critical applications achieve uninterrupted performance and reliability. In addition to the protections offered in the Network Security Bundle, the Application Security Bundle includes Web Application Security Signatures, Credential Stuffing Defense, Sandbox Cloud, and FortiGuard DLP features

AI Security

Embrace the future of cybersecurity with the AI Security Bundle. Powered by cutting-edge AI/ML models, this bundle offers proactive defense against sophisticated attacks. Analyze threats in real-time, allowing you to stay ahead of cyber threats and respond effectively. The AI Security Bundle is the most comprehensive bundle, not only covering both the Network Security Bundle and Application Security Bundle offerings but also including the new Threat Analytics and Advanced Bot Protection features. The AI Security Bundle is designed to leverage AI-driven insights for proactive threat detection, enabling rapid response and mitigation.

What's New in FortiADC 7.4.2

New Services
AI Threat Analytics

FortiADC now supports Fortinet AI Threat Analytics that leverage machine learning to identify significant threats and zoom in on the threats that matter. The Fortinet AI Threat Analytics engine identifies unknown attack patterns by parsing through all FortiADC security logs and then aggregating similar or related security logs into meaningful security incidents. This allows you to use these identified attack patterns to protect your application against the identified threats.

Threat Analytics continuously assess your security posture by monitoring attacks on your web assets together with evaluating your WAF configuration. Attack data is cross referenced across our entire customer base to correlate suspicious and anomalous traffic and alert customers when susceptible to attacks based on their configuration. Threat Analytics Insights provide recommended actions that can enhance your WAF configuration settings, block future attacks and reduce false positives.

FortiADC supports the integration with Fortinet AI Threat Analytics via the Threat Analytics Fabric Connector. To enable the AI Threat Analytics functionality, you must have a valid license to the Fortinet AI Threat Analytics service. FortiADC offers a 14-day evaluation license to customers who would want to evaluate the Fortinet AI Threat Analytics service. To activate the 14-day Evaluation license, enable Threat Analytics connector from Security Fabric > Fabric Connectors.

Data Loss Prevention

FortiADC's Data Loss Prevention functionality has now integrated with the FortiGuard DLP service, allowing FortiADC to download DLP signatures directly from FortiGuard to enrich the FortiADC DLP signature data types. The previous DLP configuration (under the Sensitive Data Prevention module) has now been enhanced and expanded in the new Data Loss Prevention module, featuring new DLP sensor and DLP dictionary configurations to use as part of the DLP Policy.

Security
DNS DDoS Protection

FortiADC DoS Protection now provides Layer 7 DNS query rate limit to mitigate DNS query flood and DNS reverse flood attacks that both aim to overwhelm networks and servers with high volumes of DNS requests/responses. The query rate limit allows you to control the network traffic flow to the Layer 7 DNS server by restricting the number of requests that can be made within a period of time. Once the query rate exceeds the limit, it will trigger a corresponding action (Pass or Deny).

SSL Forward Proxy Enhancement

The FortiADC SSL Forward Proxy can now return re-signed local certificates with modified CN (or SAN) matching the ClientHello Server Name Indication (SNI). This enhancement allows the proxy to act automatically when the SNI is detected in the ClientHello message to return a re-signed local certificate to the client. The Common Name (CN) and/or Subject Alternative Name (SAN) of this certificate will be adeptly modified to align with the SNI, ensuring a seamless and trustworthy SSL handshake process.

GUI
Feature Tour

When you login to your FortiADC, the GUI will now display Feature Highlights as a pop-up dialog to provide introductions about select features you should know about from the release.

Other Enhancements
FortiGuard DLP download support

You can now install and manage DLP Signature packages from FortiGuard via the System > FortiGuard page.

FQDN support for Syslog Remote Server

To support log forwarding to Cloud services which is critical to features such as Threat Analytics, FortiADC has now added FQDN as an address type in the Syslog Server configuration.

LDAPS Health Check

FortiADC now supports periodic asynchronous detection and CA profile for LDAPS health check using the OpenLDAP API. The new LDAPS health check periodically checks the LDAPS service to which it is bound by authenticating and sending it a search query. If the search is successful, the service is marked UP. If the LDAPS server does not locate the entry, a failure message is sent to the LDAPS monitor, and the service is marked DOWN.

Trust IP Support for Management Interface

You can now enable Management Trust IP and configure a Management Trust IP Address List to specify IP addresses that can access the management interface.

Shared Lua Table for Scripting

FortiADC Scripting now supports a shared Lua table interface, which is a common shared hash table library that uses shared memory and reader/writer locks. This allows multiple processes to share data via Lua scripting.

Previous
Next

What’s New

New FortiADC License Bundles

FortiADC now offers 3 new license bundle options designed to revolutionize your Application Delivery security posture:

Network Security

Fortify your infrastructure against any network threats with advanced networking security features. This bundle ensures robust protection, minimizes vulnerabilities, and safeguards your network integrity. The Network Security Bundle includes IP Reputation and GeoIP, FortiGuard AntiVirus, and Intrusion Prevention features.

Application Security

Shield your applications from potential attacks with the comprehensive Application Security Bundle. Benefit from tailored defenses against application-specific threats, ensuring your critical applications achieve uninterrupted performance and reliability. In addition to the protections offered in the Network Security Bundle, the Application Security Bundle includes Web Application Security Signatures, Credential Stuffing Defense, Sandbox Cloud, and FortiGuard DLP features

AI Security

Embrace the future of cybersecurity with the AI Security Bundle. Powered by cutting-edge AI/ML models, this bundle offers proactive defense against sophisticated attacks. Analyze threats in real-time, allowing you to stay ahead of cyber threats and respond effectively. The AI Security Bundle is the most comprehensive bundle, not only covering both the Network Security Bundle and Application Security Bundle offerings but also including the new Threat Analytics and Advanced Bot Protection features. The AI Security Bundle is designed to leverage AI-driven insights for proactive threat detection, enabling rapid response and mitigation.

What's New in FortiADC 7.4.2

New Services
AI Threat Analytics

FortiADC now supports Fortinet AI Threat Analytics that leverage machine learning to identify significant threats and zoom in on the threats that matter. The Fortinet AI Threat Analytics engine identifies unknown attack patterns by parsing through all FortiADC security logs and then aggregating similar or related security logs into meaningful security incidents. This allows you to use these identified attack patterns to protect your application against the identified threats.

Threat Analytics continuously assess your security posture by monitoring attacks on your web assets together with evaluating your WAF configuration. Attack data is cross referenced across our entire customer base to correlate suspicious and anomalous traffic and alert customers when susceptible to attacks based on their configuration. Threat Analytics Insights provide recommended actions that can enhance your WAF configuration settings, block future attacks and reduce false positives.

FortiADC supports the integration with Fortinet AI Threat Analytics via the Threat Analytics Fabric Connector. To enable the AI Threat Analytics functionality, you must have a valid license to the Fortinet AI Threat Analytics service. FortiADC offers a 14-day evaluation license to customers who would want to evaluate the Fortinet AI Threat Analytics service. To activate the 14-day Evaluation license, enable Threat Analytics connector from Security Fabric > Fabric Connectors.

Data Loss Prevention

FortiADC's Data Loss Prevention functionality has now integrated with the FortiGuard DLP service, allowing FortiADC to download DLP signatures directly from FortiGuard to enrich the FortiADC DLP signature data types. The previous DLP configuration (under the Sensitive Data Prevention module) has now been enhanced and expanded in the new Data Loss Prevention module, featuring new DLP sensor and DLP dictionary configurations to use as part of the DLP Policy.

Security
DNS DDoS Protection

FortiADC DoS Protection now provides Layer 7 DNS query rate limit to mitigate DNS query flood and DNS reverse flood attacks that both aim to overwhelm networks and servers with high volumes of DNS requests/responses. The query rate limit allows you to control the network traffic flow to the Layer 7 DNS server by restricting the number of requests that can be made within a period of time. Once the query rate exceeds the limit, it will trigger a corresponding action (Pass or Deny).

SSL Forward Proxy Enhancement

The FortiADC SSL Forward Proxy can now return re-signed local certificates with modified CN (or SAN) matching the ClientHello Server Name Indication (SNI). This enhancement allows the proxy to act automatically when the SNI is detected in the ClientHello message to return a re-signed local certificate to the client. The Common Name (CN) and/or Subject Alternative Name (SAN) of this certificate will be adeptly modified to align with the SNI, ensuring a seamless and trustworthy SSL handshake process.

GUI
Feature Tour

When you login to your FortiADC, the GUI will now display Feature Highlights as a pop-up dialog to provide introductions about select features you should know about from the release.

Other Enhancements
FortiGuard DLP download support

You can now install and manage DLP Signature packages from FortiGuard via the System > FortiGuard page.

FQDN support for Syslog Remote Server

To support log forwarding to Cloud services which is critical to features such as Threat Analytics, FortiADC has now added FQDN as an address type in the Syslog Server configuration.

LDAPS Health Check

FortiADC now supports periodic asynchronous detection and CA profile for LDAPS health check using the OpenLDAP API. The new LDAPS health check periodically checks the LDAPS service to which it is bound by authenticating and sending it a search query. If the search is successful, the service is marked UP. If the LDAPS server does not locate the entry, a failure message is sent to the LDAPS monitor, and the service is marked DOWN.

Trust IP Support for Management Interface

You can now enable Management Trust IP and configure a Management Trust IP Address List to specify IP addresses that can access the management interface.

Shared Lua Table for Scripting

FortiADC Scripting now supports a shared Lua table interface, which is a common shared hash table library that uses shared memory and reader/writer locks. This allows multiple processes to share data via Lua scripting.

Previous
Next