FortiADC 6.2.0 offers the following new features:
Open Authorization (OAuth) 2.0 is an authorization framework that enables applications to obtain limited access to HTTP services on behalf of a user. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2.0 provides authorization flows for web and desktop applications, and mobile devices.
FortiADC will only be supporting OAuth 2.0 which is the most widely used form of OAuth. There will be no backwards compatibility between OAuth 1.0 and OAuth 2.0 as their specifications are so different that they cannot be used together.
New SSL ciphers have been added in the Client SSL profile and Server SSL profile:
A new set of Lua scripts have been added to manage WAF related events and actions. These scripts support functionalities that include enabling/disabling the WAF function, watching an event when the WAF scan starts or an attack is detected, and other custom actions.
The health check monitoring functionality has been enhanced to allow more settings to monitor the check and to display more information for the check results.
The following enhancements have been made for the WAF:
Brute force protection support for offloading authentication
Cookie security support for cookies generated by FortiADC
FortiADC now supports integrations with third-party vendor scanner reports, including FortiWeb, Acunetix, IBM Appscan ,Whitehat, HP Webinspect ,QualysGuard, Telefonica FAAST, ImmuniWeb reports.
You can now generate WAF policies based on FortiADC scan reports or third-party integrated reports. Users can modify the policy as needed and submit it to the virtual server to apply directly.
FortiADC 6.2.0 now supports the FortiADC 220F platform. For more information, please refer to the latest FortiADC datasheet.
Currently, FortiADC supports
allowaccess to allow/deny access to the interface management service. With the new Trust IP list feature, you will have more granular control over which IP addresses may be granted access to the interface management service.
FortiADC is introducing a solution for HA on Azure that can eliminate the issue caused by time-consuming IP transfers in the event of HA failovers. Please refer to the new Azure deployment guide for the new HA setup on Azure.
Use the new CLI command
execute ha force transfer-file <file-name> <node-id> to sync files between HA devices. This could be used to get debug files on the backup device from the master when the backup device is not accessible in some situations.
You can now customized banner messages to show prior to login through WebUI, console and SSH.
Two new SKUs for VM subscription license support has been added, including the Standard Bundle and Advanced Bundle license.
FortiADC now supports inter-VDOM routing setups that allow the traffic to be sent between VDOMs without additional physical interfaces that was previously required for multiple VDOM setups. At this time, inter-VDOM routing is only available for these classic scenarios: static route, PBR, L4 SLB, L7 SLB and NAT. It is currently not supported in IPv6 related configurations.
Currently, performing a factory reset would clear all settings on the devices entirely which may not be ideal for some users who need to keep basic networking settings. For this, FortiADC has added a new alternative factory reset command that will allow users to clear all configurations but keep the settings for VDOM, interface, and static route.
You can now filter for the string in CLI configurations.
# show full-configuration | grep –f 10.0.0.1
This will show all entries with the IP 10.0.0.1
The select checkbox column has been removed for all tables. Now you can make your selection by clicking the row, or press
Ctrl+Shift to select multiple rows.