Fortinet Document Library
FortiADC 5.4.1
Handbook
Chapter 17: SSL Transactions
This chapter includes the following topics:
SSL offloading
SSL decryption by forward proxy
SSL profile configurations
Certificate guidelines
SSL/TLS versions and cipher suites
Exceptions list
SSL traffic mirroring