Networking
This section introduces new networking features in FortiOS 6.0.
SD-WAN improvements
FortiOS 6.0 introduces the following SD-WAN features:
- Multiple server support for health checks
- Internet service groups
- Bandwidth options in SD-WAN rules
- Custom profiles in SD-WAN rules
- DSCP tagging of forwarded packets in SD-WAN rules
For more information, see SD-WAN.
Multipath intelligence and performance SLAs
SD-WAN performance Service-Level Agreements (SLAs) incorporate multilayer SLA monitoring of link selection. To help handle emergency load or outages you can select links based on weight and SLA priority and then return to defaults once the network stabilizes. Also, traffic shaping and application intelligence have been added to the SD-WAN configuration, which gives you more control of SD-WAN traffic.
For more information, see SD-WAN.
Application awareness
You can now use application control and application control group options in SD-WAN rules.
Internet Service support is also increased from a single Internet Service to Internet Service groups.
For more information, see SD-WAN.
BGP dynamic routing and IPv6 support for SD-WAN
FortiOS 6.0 introduces support for dynamic router for an SD-WAN configuration. You can set up a route map and add a route tag to the route map. Then, you can create an SD-WAN configuration, a health check, and a service for it. When you create the service, you add the configured route tag that you created in the route map to the service.
For more information, see SD-WAN.
Interface-based traffic shaping
In FortiOS 6.0, you can now enable traffic shaping on an interface. Interface-based traffic shaping allows you to enforce bandwidth limits by traffic type for individual interfaces.
Cloud-assisted one-click VPN
One-click VPN (OCVPN) is a cloud-based solution that greatly simplifies the provisioning and configuration of IPsec VPN. The administrator enables OCVPN with a single click, adds the required subnets, and then the configuration is complete. The OCVPN updates each FortiGate automatically as devices join and leave the VPN, as subnets are added and removed, when dynamic external IP addresses change (for example, DHCP or PPPoE), and when WAN interface bindings change (as in the case of dual WAN redundancy).
For more information, see One-Click VPN (OCVPN).
IPv6 enhancements
The following new IPv6 features have been added.
- IPv6 captive portal
- IPv6 FQDN and wildcard firewall addresses
- IPv6 ISIS dynamic routing
- DHCPv6 server prefix delegation
- IPv6 DFD and VRRP
For more information, see IPv6.
NAT enhancements
The following new NAT features have been added.
- Central source NAT (SNAT) policies now include a comment field
- Port block allocation timeout is configurable
- NAT46 IP pools
- VRRP HA supports firewall virtual IPs (VIPs) and IP pools
For more information, see NAT.
EMAC-VLAN support
The media access control (MAC) virtual local area network (VLAN) feature in Linux allows you to configure multiple virtual interfaces with different MAC addresses (and therefore different IP addresses) on a physical interface.
For more information, see Enhanced MAC VLANs.