What's new

FortiADC 5.4.0 offers the following new features:

Server Load Balance

  • Configure real server by FQDN

    In some customer deployments, the real servers (RS) change their IP addresses due to autoscaling, upgrades, etc., which requires the RS IP settings in the RS pool to be changed accordingly.

    This feature supports configuring an FQDN for a real server. FAD queries the DNS server periodically and, once the IP address changes, automatically resolves the new IP address for this real server.

  • Customizable authentication form for Form Based Authentication

    Beyond the default authentication form, customers can also upload a user-defined login page for all the form-based authentications. Customers are able to define their own authentication portal.

  • Manage HTTP persistence via script

    Customers can define any persistence rule for distributing traffic to real servers via Lua script, and are no longer limited to the configurable persistence types.

    New script commands have been added to set/read/dump persistence rules, along with the new events PERSISTENCE/POST_PERSIST.

    Please refer to the latest script guide for an example.

  • HTTP 1.1 health check and user defined HTTP header fields

    Customers can select HTTP version 1.0 or 1.1 for HTTP/HTTPS health checks and also send additional strings in HTTP headers.

  • LDAP health check

    Support for detecting LDAP server health status.

Security

  • More data type checks in input validation

    Supports a regex type for parameter validation rules in addition to the existing length check.

    Added predefined data types for customers to choose, including US zip code, US SSN, etc.

  • OpenAPI validations

    Allows customers to import OpenAPI documents (YAML or JSON format) to validate HTTP request headers, including servers validation, path validation, parameters validation, cookie validation, and request body validation.

  • Enhance search engine crawler in bot detection

    Supports a bypass option for well-known search engines; access events from these search engines are not logged.

    Updated to cover the latest search engines, including Ask, Sogou and Tiktok.

  • OWASP-top10 Wizard policy

    Create an OWASP-top-10 policy with a few clicks.

  • More information included in WAF log

    Provides more detailed information about the attack event in the log, including a signature example, an attack defense suggestion, etc.

  • Firewall traffic logging support
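
The input validation item above combines a length check with a regex data type. The following is an added example, not FortiADC code or configuration, showing why such a rule needs to match the whole value; the patterns for US zip code and US SSN, the rule set and the function names are assumptions made for illustration.

```python
import re

# Assumed patterns for illustration; FortiADC's predefined data types may differ.
DATA_TYPES = {
    "us_zip": r"\d{5}(?:-\d{4})?",
    "us_ssn": r"(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}",
}

# Constructed rule set: parameter name -> (data type, maximum length).
RULES = {
    "zip": ("us_zip", 10),
    "ssn": ("us_ssn", 11),
}


def validate(params, rules=RULES):
    """Return a list of (parameter, reason) violations for one request."""
    violations = []
    for name, (dtype, max_len) in rules.items():
        value = params.get(name)
        if value is None:
            violations.append((name, "missing"))
        elif len(value) > max_len:
            violations.append((name, "too long"))
        # fullmatch anchors both ends, so a valid prefix cannot carry extra
        # characters; re.ASCII stops \d from accepting non-ASCII digits.
        elif not re.fullmatch(DATA_TYPES[dtype], value, re.ASCII):
            violations.append((name, "bad format"))
    return violations


def unanchored_accepts(dtype, value):
    """Weak variant for contrast: re.search accepts any value containing a match."""
    return re.search(DATA_TYPES[dtype], value) is not None


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        {"zip": "94086", "ssn": "123-45-6789"},
        {"zip": "94086'--", "ssn": "123-45-6789"},  # within length, wrong format
        {"zip": "94086-1234", "ssn": "000-12-3456"},
    ]
    for sample in samples:
        print(sample, "->", validate(sample) or "ok")
```

The second sample passes the length check and an unanchored regex, and is only rejected by the whole-value match.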

SSL

  • OCSP configuration enhancement

    OCSP configuration GUI redesign streamlines OCSP setup process.

  • Support SafeNet Luna Network HSM 7

System

  • New platform 5000F

    The high-end platform FADC 5000F is released with 5.4.0. This 2U platform has 4 x 100G and 8 x 40G ports, and offers high performance for your data center (L4 up to 250Gbps, L7 HTTP up to 220G, SSL offloading up to 120Gbps). It supports 40G port breakout, splitting a 40G port into 4 separate 10G ports.

    Please refer to the latest datasheet for more information.

  • Cloud-init scripts support on AWS and VMware

    Cloud-init is the industry standard start-up agent installed on virtual machines to facilitate cloud deployments. It will speed up the initialization of your FAD instance by passing user data like ssh keys and bash scripts.

  • Cloud templates and autoscaling solution on AWS
  • Force default password change upon first-time login

    In accordance with "California Privacy Law and Authentication Requirements", default passwords are no longer allowed.

  • New log maintaining strategy when log data size exceeds threshold

    When the log data size exceeds the threshold, it takes some time to clear the old data in the backend, which may cause high CPU usage. The new log table design clears old data faster.

  • OSPF Stub Area support: summary stub and no-summary stub

    FAD can be placed in a stub area in order not to receive all routes from area 0.

GUI enhancement

  • Removed Physical Topology page in FortiView
  • FortiView>Logic Topology page

    Supports more filters, shows more information when you hover over a virtual server, etc.

  • FortiView>Virtual Server page

    Shows all virtual servers by default; shows all real servers below when you click on the virtual server's row.

  • Added "Regex Test" tool on all configuration pages that include regex settings