DOCUMENT LIBRARY

Handbook

Introduction
Chapter 1: What's New
Chapter 2: Key Concepts and Features
- Server load balancing
- Link load balancing
- Global load balancing
- Security
- High availability
- Virtual Domain (VDOM) and Administrative Domain (ADOM)
Chapter 3: Getting Started
- Step 1: Install the appliance
- Step 2: Configure the management interface
- Step 3: Configure basic network settings
- Step 4: Test connectivity to destination servers
- Step 5: Complete product registration, licensing, and upgrades
- Step 6: Configure a basic server load balancing policy
- Step 7: Test the deployment
- Step 8: Back up the configuration
Chapter 4: Server Load Balancing
- Server load balancing basics
- Server load balancing configuration overview
- Configuring virtual servers
- Using content rewriting rules
- HSTS and HPKP support
- Configuring content routes
- Using source pools
- Using schedule pools
- Using clone pools
- Configuring Application profiles
- WebSocket load-balancing
- Configuring MSSQL profiles
- Configuring MySQL profiles
- Configuring client SSL profiles
- Configuring HTTP2 profiles
- Configuring load-balancing (LB) methods
- Configuring persistence rules
- Configuring error pages
- Configuring decompression rules
- Configuring Captcha
- Creating a PageSpeed configuration
- Creating PageSpeed profiles
- PageSpeed support and restrictions
- Configuring compression rules
- Compression and decompression
- Configuring caching rules
- Using real server pools
- Configuring real servers
- Configuring real server SSL profiles
- Using scripts
- Configuring an L2 exception list
- Creating a Web Filter Profile configuration
- Using the Web Category tab
- Configuring certificate caching
- TCP multiplexing
Chapter 5: Link Load Balancing
- Link load balancing basics
- Link load balancing configuration overview
- Configuring link policies
- Configuring a link group
- Configuring gateway links
- Configuring persistence rules
- Configuring proximity route settings
- Configuring a virtual tunnel group
Chapter 6: Global Load Balancing
- Global load balancing basics
- Global load balancing configuration overview
- Configuring servers
- Configuring a global load balance link
- Configuring data centers
- Configuring hosts
- Configuring wizard
- Configuring virtual server pools
- Configuring location lists
- Logical Topology
- Configuring a Global DNS policy
- Configuring DNS zones
- Configuring general settings
- Configuring the trust anchor key
- Configuring DNS64
- Configuring the DSSET list
- Configuring an address group
- Configuring remote DNS servers
- Configuring the response rate limit
Chapter 7: Network Security
- Security features basics
- Managing IP Reputation policy settings
- Configure IP reputation exception
- Configure IP reputation block list
- Using the Geo IP block list
- Using the Geo IP allowlist
- Special Geo codes
- Enabling denial of service protection
- Configuring an IPv4 firewall policy
- Configuring an IPv6 firewall policy
- Configuring an IPv4 connection limit policy
- Configuring an IPv6 connection limit policy
- Anti-virus
- Configuring IPS
- Zero Trust Network Access (ZTNA)
Chapter 8: DoS Protection
- Configuring DoS Protection Profile
- Configuring HTTP access limit policy
- Configuring HTTP connection flood policy
- Configuring an HTTP request flood policy
- Configuring an IP fragmentation policy
- Configuring a TCP SYN flood protection policy
- Configuring a TCP slow data flood protection policy
Chapter 9: Web Application Firewall
- Web application firewall basics
- Web application firewall configuration overview
- Configuring an OWASP TOP10 profile
- Configuring a WAF Profile
- Configuring WAF Action objects
- Configuring WAF Exception objects
- Configuring a Web Attack Signature policy
- Using the Signature Creation Wizard
- Configuring a URL Protection policy
- Configuring an Advanced Protection policy
- Configuring an HTTP Protocol Constraint policy
- Configuring CSRF protection
- Configuring brute force attack detection
- Configuring an SQL/XSS Injection Detection policy
- Configuring a Bot Detection policy
- Configuring a Credential Stuffing Defense Policy
- Configuring a Cookie Security policy
- Configuring sensitive data protection
- Configuring Cross-Origin Resource Sharing (CORS) protection
- Configuring XML Detection
- Configuring JSON detection
- Importing XML schema
- Uploading WSDL files
- Importing JSON schema
- Configuring OpenAPI Detection
- Importing OpenAPI schema
- Configuring API Gateway
- Configuring Input Validation
- Web Vulnerability Scanner
  - WVS Profile
  - WVS Login
  - WVS Exceptions
  - Scan History
  - Scan Integration
- Web Anti-Defacement
Chapter 10: User Authentication
- Configuring AD FS Proxy
- Configuring authentication policies
- Configuring user groups
- Configuring customized authentication form
- Using the local authentication server
- Using an LDAP authentication server
- Using a RADIUS authentication server
- Configuring Duo authentication server support
- Configuring an NTLM authentication server
- Using Kerberos Authentication Relay
- Two-factor authentication
- OAuth 2.0 authentication
- Using HTTP Basic SSO
- SAML and SSO
  - Configure a SAML service provider
  - Import IDP Metadata
Chapter 11: Shared Resources
- Configuring health checks
- Configuring health check monitor
- Creating schedule groups
- Creating IP address objects
- Configuring address groups
- Creating IPv6 address objects
- Configuring address groups
- Managing the ISP address books
- Creating service objects
- Creating service groups
- Configuring WCCP
Chapter 12: Basic Networking
- Configuring network interfaces
- Configuring management interface
- Linking VDOMs for inter-VDOM routing
- Configuring static routes
- Configuring policy routes
Chapter 13: System Management
- Configuring basic system settings
- Configuring system time
- Configuring pre-login disclaimer messages
- Updating firmware
- Configuring an SMTP mail server
- Connecting to FortiGuard services
- Configuring FortiGuard service settings
- Pushing/pulling configurations
- Backing up and restoring the configuration
- SCP support for configuration backup
- Rebooting, resetting, and shutting down the system
- Create a traffic group
- Manage administrator users
  - Create administrator users
  - Create REST API administrator users
  - Configure access profiles
  - Enable password policies
- Configuring SNMP
  - Download SNMP MIBs
  - Configure SNMP threshold
  - Configure SNMP v1/v2
  - Configure SNMP v3
- Managing and validating certificates
  - Generating or importing a local certificate
  - Creating a local certificate group
  - Importing intermediate CAs
  - Creating an intermediate CA group
  - OCSP stapling
- Validating certificates
  - Importing CRLs
  - Adding OCSPs
  - Importing OCSP signing certificates
  - Importing CAs
  - Creating a CA group
- Configuring SNMP trap servers
- Configuring an email alert object
- Configuring a syslog object
- HSM Integration
Chapter 14: Logging and Reporting
- Downloading logs
- Using the security log
- Using the traffic log
- Using the script log
- Configuring local log settings
- Configuring syslog settings
- Configuring OFTP settings for FortiAnalyzer logs
- Configuring fast stats log settings
- Configuring report email
- Configuring reports
- Configuring report queries
- Configuring fast reports
- Display logs via CLI
Chapter 15: High Availability Deployments
- HA feature overview
- HA system requirements
- HA synchronization
- Configuring HA settings
- Monitoring an HA cluster
- Updating firmware for an HA cluster
- Deploying an active-passive cluster
- Deploying an active-active cluster
- Advantages of HA Active-Active-VRRP
- Deploying an active-active-VRRP cluster
Chapter 16: Virtual Domain
- Virtual Domain (VDOM) and Administrative Domain (ADOM) overview
- Enabling the Virtual Domain feature and selecting the Virtual Domain Mode
- Creating a virtual domain
- Assigning administrator users and network interfaces to VDOMs
- Virtual domain policies
- Disabling a virtual domain
Chapter 17: SSL Offloading
- SSL offloading
- SSL decryption by forward proxy
- SSL profile configurations
- Certificate guidelines
- SSL/TLS versions and cipher suites
- Exceptions list
- SSL traffic mirroring
Chapter 18: Advanced Networking
- NAT
  - Configure source NAT
  - Configuring 1-to-1 NAT
- QoS
- OSPF
- ISP Routes
  - Reverse path route caching
- BGP
- Access list vs. prefix list
- Configuring an IPv4 access list
- Configuring an IPv6 access list
- Configuring an IPv4 prefix list
- Configuring an IPv6 prefix list
- Transparent mode
Chapter 19: Best Practices and Fine-tuning
- Regular backups
- Security
- Performance tips
- High availability
Chapter 20: Troubleshooting
- Logs
- Tools
- Save debug file
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
- Additional resources
Chapter 21: System Dashboard
- Widgets
- Dashboard management tools
Chapter 22: FortiView
- Physical Topology
- HA Status
- Server Load Balance
- Link Load Balance
  - Logical Topology
  - Link Group
- Global Load Balance
  - Logical Topology
  - Host
- Security
- All Segments
- ZTNA FortiClient endpoint
Chapter 23: Security Fabric
- Automation
- Fabric connectors
- External connectors
Appendix A: Fortinet MIBs
Appendix B: Port Numbers
Appendix C: Scripts
- Events and actions
- Predefined scripts
- Predefined Commands
- Control structures
- Operators
- String library
- Special characters
- Examples
Appendix D: Maximum Configuration Values
Change Log

Home FortiADC 7.1.1 Handbook

7.1.1

Configuring an Advanced Protection policy

The Advanced Protection policy includes the following rules:

Content Scraping—Checks HTTP response header. If the traffic matches the occurrence limit and is over the specified percentage match, it detects web scraping, then executes the relevant actions for the traffic.
HTTP Response Code—Checks HTTP response code. If the traffic matches the occurrence limit and is over the specified percentage match, it detects web scraping, then executes the relevant actions for the traffic.

To configure an Advanced Protection policy:

Go to Web Application Firewall>Common Attacks Detection.
Click the Advanced Protection tab.
Click Create New to display the configuration editor.

Complete the configuration as described in Advanced Protection configuration.

If you want to drop a large number of packets when traffic match the rules, you should set action to “block” instead of “deny."

Save the configuration.

Advanced Protection configuration
Settings	Guidelines
Name	Enter a unique Advanced Protection policy name. Valid characters are `A`-`Z`, `a`-`z`, `0`-`9`, `_`, and `-`. No space is allowed. Note: Once saved, the name of an Advanced Protection policy cannot be changed.
Content Scraping
Content Type	Specify a Content Type for the Content Scraping rule: text/html text/plain text/xml application/xml application/soap+xml application/json
Occurrence Limit	Sets the condition for the limit of the number of responses received from the specified type. If the number of responses received within the time frame (set in Occurrence Within) from the specified type is above this limit, this condition is fulfilled.
Occurrence Within	Sets the time span during which to count how many times a response is received from the specified type.
Percentage Match	Sets the condition for what percentage of the traffic received is from the specified type, during the given time frame. If the specified type, compared to all traffic, is received above this Percentage Match, this condition is fulfilled. Default is 0, indicating that this condition is disabled by default.
Action	Select which action profile that you want to apply. See Configuring WAF Action objects. The default value is Alert.
Severity	When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiADC uses when using Advanced Protection: Low Medium High The default value is Low.
HTTP Response Code
Response Code	Specify a Response Code for the HTTP Response Code rule.
Occurrence Limit	Sets the condition for the limit of the number of responses received from the specified type. If the number of responses received within the time frame (set in Occurrence Within) from the specified type is above this limit, this condition is fulfilled.
Occurrence Within	Sets the time span during which to count how many times a response is received from the specified type.
Percentage Match	Sets the condition for what percentage of the traffic received is from the specified type, during the given time frame. If the specified type, compared to all traffic, is received above this Percentage Match, this condition is fulfilled. Default is 0, indicating that this condition is disabled by default.
Action	Select which action profile that you want to apply. See Configuring WAF Action objects. The default value is Alert.
Severity	High—Log as high severity events. Medium—Log as a medium severity events. Low—Log as low severity events. The default is low.

Configuring an Advanced Protection policy

The Advanced Protection policy includes the following rules:

Content Scraping—Checks HTTP response header. If the traffic matches the occurrence limit and is over the specified percentage match, it detects web scraping, then executes the relevant actions for the traffic.
HTTP Response Code—Checks HTTP response code. If the traffic matches the occurrence limit and is over the specified percentage match, it detects web scraping, then executes the relevant actions for the traffic.

To configure an Advanced Protection policy:

Go to Web Application Firewall>Common Attacks Detection.
Click the Advanced Protection tab.
Click Create New to display the configuration editor.

Complete the configuration as described in Advanced Protection configuration.

If you want to drop a large number of packets when traffic match the rules, you should set action to “block” instead of “deny."

Save the configuration.

Advanced Protection configuration
Settings	Guidelines
Name	Enter a unique Advanced Protection policy name. Valid characters are `A`-`Z`, `a`-`z`, `0`-`9`, `_`, and `-`. No space is allowed. Note: Once saved, the name of an Advanced Protection policy cannot be changed.
Content Scraping
Content Type	Specify a Content Type for the Content Scraping rule: text/html text/plain text/xml application/xml application/soap+xml application/json
Occurrence Limit	Sets the condition for the limit of the number of responses received from the specified type. If the number of responses received within the time frame (set in Occurrence Within) from the specified type is above this limit, this condition is fulfilled.
Occurrence Within	Sets the time span during which to count how many times a response is received from the specified type.
Percentage Match	Sets the condition for what percentage of the traffic received is from the specified type, during the given time frame. If the specified type, compared to all traffic, is received above this Percentage Match, this condition is fulfilled. Default is 0, indicating that this condition is disabled by default.
Action	Select which action profile that you want to apply. See Configuring WAF Action objects. The default value is Alert.
Severity	When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiADC uses when using Advanced Protection: Low Medium High The default value is Low.
HTTP Response Code
Response Code	Specify a Response Code for the HTTP Response Code rule.
Occurrence Limit	Sets the condition for the limit of the number of responses received from the specified type. If the number of responses received within the time frame (set in Occurrence Within) from the specified type is above this limit, this condition is fulfilled.
Occurrence Within	Sets the time span during which to count how many times a response is received from the specified type.
Percentage Match	Sets the condition for what percentage of the traffic received is from the specified type, during the given time frame. If the specified type, compared to all traffic, is received above this Percentage Match, this condition is fulfilled. Default is 0, indicating that this condition is disabled by default.
Action	Select which action profile that you want to apply. See Configuring WAF Action objects. The default value is Alert.
Severity	High—Log as high severity events. Medium—Log as a medium severity events. Low—Log as low severity events. The default is low.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Handbook

Configuring an Advanced Protection policy

Configuring an Advanced Protection policy

To configure an Advanced Protection policy:

Configuring an Advanced Protection policy

Configuring an Advanced Protection policy

To configure an Advanced Protection policy: