What's new

FortiADC 8.0.0 introduces enhancements and new features across various modules including Web Application Firewall, Server Load Balance, Global Load Balance, and more.

More detailed information is available in the New Features Guide.

Application Access Manager

FortiADC’s Application Access Gateway (AAG) enables secure, agentless access to internal applications through a unified web portal. By removing the need for client-side agents, AAG streamlines the access process, offering a simplified, scalable solution for organizations looking to deliver secure application access to remote users.

With AAG, users can access multiple applications, such as RDP, VDI, and SSH, without requiring any additional client-side installations. It also ensures full security compliance with multiple authentication methods such as Local User, LDAP, RADIUS, Azure EntraID, and SAML.

Key Features:
  • Centralized Access Portal: All internal applications are accessible from a single interface, reducing complexity and improving the user experience.

  • Authentication Integration: AAG integrates with existing identity management systems such as LDAP, RADIUS, Azure EntraID, and SAML, ensuring seamless and secure authentication for users.

  • Granular Access Policies: Administrators can define detailed access control rules, specifying which users or groups can access specific applications based on factors like location, time, or device type.

  • Dynamic LDAP Attributes: Leverage Dynamic LDAP Attributes to enforce more granular access control based on user attributes.

  • RDP Native Proxy: Allows secure access to RDP-based applications without requiring additional client-side configurations.

For more details, see:

New Application Access Manager Module

Unified Access Policy for Application Access Control

Agentless Application Gateway (AAG)

Web Application Firewall

WAF Adaptive Learning 2.0

WAF Adaptive Learning 2.0 enhances the original engine with expanded module coverage, exception-aware tuning, and improved operational control. It introduces support for new protection types, including Credential Stuffing Defense, CSRF Protection, HTTP Protocol Constraints, and SQL/XSS Injection Detection. Administrators can now bind exception policies directly to learned recommendations, export model data and recommendations in PDF format, and control when to activate the 30-day trial license for evaluation. These improvements enable more accurate policy tuning and better alignment with production workflows.

For more details, see: WAF Adaptive Learning 2.0

System

Feature Visibility

You can now selectively control the visibility of configurable features in the GUI via System > Feature Visibility or through the CLI. This allows administrators to streamline the interface by hiding features that are unused, inactive, or not relevant to the current deployment.

For more details, see: Feature Visibility

Enhancement to WAF Signature Telemetry Reporting to FortiGuard

FortiADC 8.0.0 enhances its threat telemetry capabilities by adding support for uploading Web Attack Signature statistics to FortiGuard. This builds on the existing telemetry framework introduced in 7.6.1, which previously supported only IPS and Antivirus (AV) threat data.

For more details, see: Enhancement to WAF Signature Telemetry Reporting to FortiGuard

Server Load Balance

Support Proxy Protocol for L4 TCP

FortiADC now supports Proxy Protocol v1 and v2 in Layer 4 TCP server load balancing (SLB) deployments. This enhancement allows client connection metadata—such as source IP address and port—to be preserved across NAT boundaries and forwarded to backend servers. Proxy Protocol insertion ensures that real servers can accurately log or respond to the original client source, even in NAT or multi-hop environments.

For more details, see: Support Proxy Protocol for L4 TCP
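
What a real server behind the virtual server has to do with the inserted header, shown as an added example (not Fortinet code): a parser for Proxy Protocol v1 and v2 that recovers the client source address and accepts the header only from the load balancer. The address 10.0.0.5 in TRUSTED_PROXIES and both sample headers are constructed assumptions.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"      # fixed 12-byte Proxy Protocol v2 signature
TRUSTED_PROXIES = {"10.0.0.5"}          # assumption: the load balancer's address

def parse_proxy_header(data, peer_ip):
    """Return ((client_ip, client_port) or None, bytes_consumed)."""
    # The header is forgeable by any host that can reach the server directly.
    if peer_ip not in TRUSTED_PROXIES:
        raise ValueError("PROXY header from untrusted peer")
    if data.startswith(V2_SIG):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("missing PROXY header")

def _parse_v1(data):
    end = data.find(b"\r\n", 0, 107)    # a v1 line is at most 107 bytes
    if end < 0:
        raise ValueError("unterminated v1 header")
    parts = data[:end].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":           # proxy could not determine the client
        return None, end + 2
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header")
    src, port = ipaddress.ip_address(parts[2]), int(parts[4])
    if src.version != int(parts[1][3]) or not 0 <= port <= 65535:
        raise ValueError("address family or port mismatch")
    return (str(src), port), end + 2

def _parse_v2(data):
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, family, length = struct.unpack("!BBH", data[12:16])
    total = 16 + length                 # length covers addresses plus any TLVs
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1 or len(data) < total:
        raise ValueError("bad or truncated v2 header")
    if ver_cmd & 0x0F == 0:             # LOCAL: connection from the proxy itself
        return None, total
    alen = {0x11: 4, 0x21: 16}.get(family)   # TCP over IPv4 / TCP over IPv6
    if alen is None or length < 2 * alen + 4:
        raise ValueError("unsupported family or short address block")
    src = ipaddress.ip_address(data[16:16 + alen])
    (port,) = struct.unpack("!H", data[16 + 2 * alen:18 + 2 * alen])
    return (str(src), port), total

# Constructed samples: client 203.0.113.7:51234 connecting to 10.0.0.20:443.
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 10.0.0.20 51234 443\r\nGET /\r\n"
SAMPLE_V2 = V2_SIG + bytes.fromhex("2111000ccb0071070a000014c82201bb") + b"GET /\r\n"
```

The bytes after bytes_consumed are the client's own data; a server that logs or filters on the recovered address should use it only when the parser returned a value rather than None.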

Clear Session and Persistence Table for HTTP/S Virtual Servers

FortiADC extends session and persistence clearing functionality to Layer 7 virtual servers (VS), including those that handle HTTP, HTTPS, TCPS, and RDP traffic. Prior to this enhancement, the diagnose server-load-balance session and diagnose server-load-balance persistence CLI command sets supported clearing operations only for Layer 4 (TCP/UDP) virtual servers. This update extends both command sets to support Layer 7 virtual servers by introducing the l7-http keyword, which targets httproxy-managed session and persistence tables.

For more details, see: Clear Session and Persistence Table for HTTP/S Virtual Servers

Support Multi-Process Mode for Up to 64 Processes per Virtual Server

FortiADC now supports up to 64 processes per virtual server in multi-process mode, significantly increasing the previous limit of 15. This enhancement is designed to improve performance and scalability on high-core platforms by allowing better distribution of traffic handling across CPU cores.

For more details, see: Support Multi-Process Mode for Up to 64 Processes per Virtual Server

Scripting Support for Persistence Functions in HTTP Data Events

FortiADC now supports calling persistence-related scripting functions—HTTP:persist() and HTTP:lookup_tbl()—within HTTP data phase events. This enhancement allows scripting-based persistence decisions to be made using values extracted from HTTP payloads, such as session tokens embedded in POST request bodies.

For more details, see: Scripting Support for Persistence Functions in HTTP Data Events

RFC 7919 Compliance Support for TLS 1.3 in SSL Profiles

FortiADC now supports the RFC 7919 Comply option when TLS 1.3 is selected in the allowed SSL versions of Client SSL Profiles and Real Server SSL Profiles. This enhancement resolves a previous limitation where enabling RFC 7919 compliance would result in a configuration error if SSLv3 or TLS 1.3 was also selected.

For more details, see: RFC 7919 Compliance Support for TLS 1.3 in SSL Profiles

Network Security

Source IP Exception Support for Networking DoS Protections

FortiADC 8.0.0 introduces a new DoS Exceptions configuration feature that enables source IP-based exclusion in Networking-type DoS protection profiles. This enhancement allows administrators to define trusted IPv4 addresses that should bypass specific DoS inspection mechanisms. This feature only supports IPv4 TCP traffic.

For more details, see: Source IP Exception Support for Networking DoS Protections

GUI

Updated Navigation Menu Structure

FortiADC 8.0.0 reorganizes the GUI navigation layout to improve usability and align feature groupings with functional domains. Key configuration areas, including user authentication modules and DoS protection settings, have been relocated under new parent menus to reflect their expanded scope and associated feature enhancements.

For more details, see: Updated Navigation Menu Structure

Platform

TPM & Encrypted Data Store Support

FortiADC now supports Trusted Platform Module (TPM) chips on select hardware platforms, enhancing the security of cryptographic key storage. TPM secures passwords and cryptographic keys by storing and authenticating them using AES-128-CBC encryption. This reduces the risk of tampering and data interception, ensuring private data is securely protected and tied to the hardware device.

For more details, see: TPM & Encrypted Data Store Support

Enhanced Azure HA Support with FortiFlex Licensing for Up to 8 Nodes

FortiADC 8.0.0 introduces support for high availability (HA) deployments of up to eight nodes in Microsoft Azure using FortiFlex licensing. This enhancement removes the previous two-node limitation in Azure HA template deployments and enables greater scalability and flexibility for large-scale cloud deployments.

For more details, see: Enhanced Azure HA Support with FortiFlex Licensing for Up to 8 Nodes

Troubleshooting

Enhanced Hardware Diagnostics in CLI

FortiADC expands its system diagnostics by introducing two new subcommands under the diagnose hardware CLI command: harddisk and logdisk. These enhancements integrate SMART-based health monitoring and reporting for both hard disks and log disks, enabling administrators to identify disk-related issues directly from the CLI.

For more details, see: Enhanced Hardware Diagnostics in CLI
