Fortinet black logo

Administration Guide

What's new

What's new

To upgrade from versions earlier than 6.3.9, you need to upgrade to 6.3.9 first , then to 6.3.17.

If you are currently running 6.3.12, please upgrade immediately.

Version 6.3.12 has a potential issue when FortiWeb is deployed in HA mode and it is now obsolete.

Optimization of IP Protection policies

To optimize performance FortiWeb now executes IP Reputation and IP List policies at the TCP layer to avoid HTTP packets being processed unnecessarily. This is only enabled when Server Objects > X-Forwarded-For is not used. It's now also supported to set the trigger action to Deny (no log) or Period Block to avoid alert flooding.

includeSubDomains and preload headers support

The includeSubDomains and preload options are now supported in HSTS Header (Server Policy > Add HSTS Header).

Removing support for RestAPI 1.0

For security reasons, RestAPI 1.0 is not supported in FortiWeb 6.3.17 and later versions. Afterwards we only support RestAPI 2.0.

Redis database rebuild

A new command execute redis rebuild is added to clean and rebuild the database for ML and Client Management. The old command execute redis rebuild is now used to rebuild the database for disklog.

Traffic logging default behavior change

To avoid unnecessary resource consumption, the system by default doesn't generate traffic log for all server policies unless specified. In order for the traffic log to work, not only should it be enabled via “Other Log Settings” under Log&Report, but also in server policy settings via the CLI command config server-policy policy.

What's new

To upgrade from versions earlier than 6.3.9, you need to upgrade to 6.3.9 first , then to 6.3.17.

If you are currently running 6.3.12, please upgrade immediately.

Version 6.3.12 has a potential issue when FortiWeb is deployed in HA mode and it is now obsolete.

Optimization of IP Protection policies

To optimize performance FortiWeb now executes IP Reputation and IP List policies at the TCP layer to avoid HTTP packets being processed unnecessarily. This is only enabled when Server Objects > X-Forwarded-For is not used. It's now also supported to set the trigger action to Deny (no log) or Period Block to avoid alert flooding.

includeSubDomains and preload headers support

The includeSubDomains and preload options are now supported in HSTS Header (Server Policy > Add HSTS Header).

Removing support for RestAPI 1.0

For security reasons, RestAPI 1.0 is not supported in FortiWeb 6.3.17 and later versions. Afterwards we only support RestAPI 2.0.

Redis database rebuild

A new command execute redis rebuild is added to clean and rebuild the database for ML and Client Management. The old command execute redis rebuild is now used to rebuild the database for disklog.

Traffic logging default behavior change

To avoid unnecessary resource consumption, the system by default doesn't generate traffic log for all server policies unless specified. In order for the traffic log to work, not only should it be enabled via “Other Log Settings” under Log&Report, but also in server policy settings via the CLI command config server-policy policy.