Fortinet Document Library

Handbook

Configuring HTTP2 profiles

You can now create application profiles that support HTTP2. To do so, you must first create an HTTP2 Profile, then use that profile when creating a new application profile.

To configure HTTP2 profiles:
  1. Go to Server Load Balance > Application Resources. Click the HTTP2 Profile tab.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration as described in HTTP2 profile configuration guidelines.
  4. Save the configuration.

HTTP2 profile configuration guidelines

Type Profile Configuration Guidelines

Name

Specify a unique name for the HTTP2 profile.

Priority Mode

Set to Best Effort. Not configurable.

Upgrade Mode

Set to Upgradeable. Not configurable.

Max Concurrent Stream

Specify the maximum number of concurrent streams available at one time. The default number is 5.

Max Receive Window

Specify the maximum number of bytes that can be received without sending an acknowledgment response. The default is 65535 bytes.

Max Frame Size

Specify the maximum size, in bytes, of the data frames that the HTTP2 protocol sends to the client. Setting a large frame size improves network utilization, but it can also affect concurrency. The default is 16384 bytes.

Header Table Size

Specify the size of the header table, in KB. A larger table size allows for better HTTP header compression, but it requires more memory. The default is 4096.

Header List Limitation

Specify the size of the name-value length, in bytes, that the HTTP2 protocol sends in a single header frame. The default is 65536.

SSL Constraint

Enable or disable SSL constraint. If enabled, the following conditions must be met:

  • The TLS implementation supports Server Name Indication.
  • The TLS implementation disables compression.
  • The TLS implementation disables renegotiation.
  • Renegotiation takes place before the connection preface is sent.
  • HTTP/2 uses cipher suites with ephemeral key exchange.
  • Ephemeral key exchange has a size of at least 2048 bits (for DHE) or a security level of at least 128 bits (for ECDHE).
  • Clients accept DHE no smaller than 4096 bits.
  • Stream or block ciphers are not used with HTTP.
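
The numeric limits in the guidelines above correspond to values an HTTP/2 endpoint advertises in a SETTINGS frame. The following is an added example, not Fortinet code: it checks a profile against the ranges RFC 7540 allows and encodes it as a SETTINGS frame. The field names, their mapping to SETTINGS identifiers, and the use of each value as the raw setting are assumptions of this example.

```python
import struct

# field name (hypothetical): (RFC 7540 6.5.2 identifier, lowest, highest allowed value)
SETTINGS = {
    "header_table_size":      (0x1, 0, 2**32 - 1),
    "max_concurrent_stream":  (0x3, 0, 2**32 - 1),
    "max_receive_window":     (0x4, 0, 2**31 - 1),      # SETTINGS_INITIAL_WINDOW_SIZE
    "max_frame_size":         (0x5, 2**14, 2**24 - 1),
    "header_list_limitation": (0x6, 0, 2**32 - 1),
}

# Defaults as stated in the guidelines on this page.
PAGE_DEFAULTS = {"header_table_size": 4096, "max_concurrent_stream": 5,
                 "max_receive_window": 65535, "max_frame_size": 16384,
                 "header_list_limitation": 65536}

def validate(profile):
    """Return a list of problems; an empty list means every value is in range."""
    errors = []
    for field, (_, low, high) in SETTINGS.items():
        value = profile.get(field)
        if type(value) is not int or not low <= value <= high:
            errors.append(f"{field}={value!r} outside {low}..{high}")
    return errors

def encode_settings_frame(profile):
    """Build the 9-byte frame header plus one 6-byte entry per setting."""
    problems = validate(profile)
    if problems:
        raise ValueError("; ".join(problems))
    payload = b"".join(struct.pack(">HI", ident, profile[field])
                       for field, (ident, _, _) in SETTINGS.items())
    # 24-bit length, type 0x4 (SETTINGS), flags 0, stream identifier 0
    header = len(payload).to_bytes(3, "big") + bytes([0x4, 0x0]) + bytes(4)
    return header + payload

def decode_settings_frame(frame):
    """Parse a SETTINGS frame into {identifier: value}; reject malformed input."""
    length = int.from_bytes(frame[:3], "big")
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    if (len(frame) != 9 + length or frame[3] != 0x4
            or stream_id != 0 or length % 6 != 0):
        raise ValueError("not a well-formed SETTINGS frame")
    return dict(struct.iter_unpack(">HI", frame[9:]))

if __name__ == "__main__":
    print(encode_settings_frame(PAGE_DEFAULTS).hex())
    print(validate(dict(PAGE_DEFAULTS, max_frame_size=8192)))
```

A frame size below 16384 or a window above 2^31-1 is rejected here because a peer that follows RFC 7540 treats such a SETTINGS value as a connection error.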
