FortiADC 7.1.1 offers the following new features:
Administrative domain (ADOM) support
FortiADC has introduced a new Virtual Domain Mode to support Administrative Domain (ADOM) functionality that enables the administrator to constrain access privileges to a subset of server load balancing virtual servers. Both VDOM and ADOM functionality support multi-tenant deployment scenarios. However, unlike VDOMs that require separate independent networking per VDOM, the ADOM shares the same networking interfaces and routing between all ADOMs. You can enable ADOM mode through either the WebUI or CLI: 1) enable the Virtual Domain (if Virtual Domain is previously disabled), then 2) set the Virtual Domain Mode as Share Network. If the Virtual Domain is already enabled, then you must disable the Virtual Domain before enabling ADOM mode.
Automation Egress VDOM for Syslog, SNMP Trap, and Webhook actions
Automation stitches can now be set to egress alerts from the root VDOM or the local VDOM, regardless of the local VDOM from which the automation is configured. This enhancement of the automation policy allows the source of SNMP Trap, Syslog, and Webhook messages in non-root VDOMs to be sent out from the management interface of the root VDOM, which is helpful in scenarios where the non-root VDOM has no connectivity to the servers.
Server Load Balance
Geo block list/allowlist support for SMTP, FTP, RADIUS, MSSQL, and ISO8583 virtual server profiles
Geo block list and allowlist functionality has now been extended to more virtual server profiles, including SMTP, FTP, RADIUS, MSSQL and ISO8583.
NAT Source Pool support for Layer 7 SMTP, MSSQL, and ISO8583 virtual servers
The NAT Source Pool functionality has now been extended to Layer 7 SMTP, MSSQL, and ISO8583 virtual servers to better support large real server deployments without being limited to the single NAT source IPs.
Note: When using the NAT Source Pool for SMTP VS, ensure the SMTP application profile is disabled for Client Address. When the SMTP is enabled for Client Address, it will use the original client IP address as the source address when connecting to the real server, which cannot be done when the NAT source pool is used at the same time.
Error page enhancement
The error page customization for HTTP status codes has been enhanced to allow editing and previewing directly from the WebUI. This enhancement also includes a new predefined profile, LB_ERROR_PAGE_DEFAULT, which can be applied to error pages for all status codes.
Error message support for form-based authentication failure
An error message will now display on the authentication page when incorrect user credentials are entered to indicate the failed login attempt.