Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiADC 8.0.1 Release Notes
    8.0.1
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.4.4
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.1.7
    5.1.6
    5.1.5
    5.1.4
    5.1.3
    5.1.2
    5.1.1
    5.1.0
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    5.0.0
    4.8.8
    4.8.7
    4.8.6
    4.8.5
    4.8.4
    4.8.3
    4.8.2
    4.8.1
    4.8.0
    4.7.4
    4.7.3
    4.7.2
    4.7.1

    What's new

    What's new

    FortiADC 8.0.1 introduces enhancements and new features across various modules including Web Application Firewall, Server Load Balance, Global Load Balance, and more.

    More detailed information is available in the New Features Guide.

    Application Access Manager

    Agentless Application Gateway New Features 8.0.1

    FortiADC 8.0.1 introduces major new features to the Agentless Application Gateway (AAG), expanding its capabilities to publish internal web applications, enforce multi-factor authentication (MFA) at App Portal login, and improve portal usability with automatic language detection and customizable bookmark icons. These updates extend AAG to support browser-based access to internal resources such as intranet sites and collaboration platforms, providing secure, policy-driven delivery without the need for VPN software or client agents.

    Security Fabric

    Cisco ACI External Connector 8.0.1

    FortiADC now supports direct integration with Cisco ACI 5.2 through a new Cisco ACI SDN connector in the Security Fabric > External Connectors framework.

    This connector establishes a northbound API connection to the Cisco Application Policy Infrastructure Controller (APIC), enabling FortiADC to automatically discover and synchronize ACI tenants, application profiles, and endpoint groups (EPGs) with its own load-balancing configuration.

    By linking the application-centric visibility of Cisco ACI with FortiADC’s traffic management engine, this feature delivers adaptive, SDN-driven load balancing that evolves automatically with your data-center topology.

    FortiGate Security Fabric–Based Admin SSO 8.0.1

    FortiADC now supports administrator Single Sign-On (SSO) through FortiGate Security Fabric integration. When connected to the Security Fabric where FortiGate acts as the root, FortiADC can use the FortiGate as its SAML Identity Provider (IdP) for administrator authentication.

    System

    WAF Signature Staging 8.0.1

    FortiADC introduces support for WAF Signature Staging, providing a controlled process to evaluate newly released or modified FortiGuard attack signatures before they are enforced. With this capability, newly added or updated signatures are first placed in a Signature Staging list. Administrators can monitor these signatures as they trigger on live traffic and review their Matched status before deciding whether to apply or disable them—reducing false positives and smoothing production rollouts. This capability is supported with WAF Signature Database version 1.00063 and later.

    Disable Default Admin Account via CLI 8.0.1

    Administrators now have the option to disable the built-in admin account using the new CLI command set default-admin under config system global. This enhancement improves security and compliance by allowing organizations to prevent login with the default account once alternate administrator accounts have been created. When disabled, the admin account cannot log in, and any active sessions are immediately terminated.

    Socket Selection Hash Control via CLI 8.0.1

    FortiADC introduces a new CLI option, sip-to-same-sock, under config system global to control how sessions are hashed across sockets. By default, sessions with the same source IP, destination IP, and destination port (sip+dip+dport) are consistently directed to the same CPU, httproxy process, and listening socket. This ensures that related sessions remain on the same processing path.

    Server Load Balance

    Advanced mTLS Support with Enhanced Client Authentication and C3D 8.0.1

    FortiADC expands its mutual TLS (mTLS) capabilities with advanced features that strengthen security and improve deployment flexibility. mTLS requires both the client and server to authenticate each other using certificates, ensuring trusted, bidirectional communication.

    While FortiADC already supported basic mTLS, this release introduces advanced functions for greater control and interoperability:

    • Enhanced Client Authentication — Configurable authentication frequency and selective advertisement of trusted certificate authorities (CAs).

    • Client Certificate Constrained Delegation (C3D) — Allows FortiADC to issue delegated client certificates when forwarding traffic to backend servers, maintaining mutual TLS authentication while still enabling SSL decryption and inspection.

    Together, these enhancements provide administrators with fine-grained control over certificate handling, ensuring secure, verifiable mTLS chains on both the client- and server-facing sides of FortiADC.

    Advanced TCP Optimization and Transparent Proxy Support for L7 TCP Virtual Servers 8.0.1

    FortiADC extends its L7 TCP virtual server capabilities with support for transparent TCP proxying and advanced TCP optimization features. While transparent proxy modes (Layer 2 and Layer 3) were already available for other types of virtual servers, this enhancement makes them available for L7 TCP virtual servers, enabling inline deployments with full application-layer visibility and control. In addition, L7 TCP profiles now include per-connection tuning parameters and congestion control options, giving administrators precise control over throughput, efficiency, and reliability.

    Content Rewriting support for HTTP/3 and Backend HTTP/2 8.0.1

    FortiADC 8.0.1 extends the content rewriting functionality to HTTPS Virtual Servers that have HTTP/3 enabled on the frontend or Backend HTTP/2 enabled. Previously, content rewriting was limited to Virtual Servers with HTTP profiles, which meant services delivered over HTTP/3 or full end-to-end HTTP/2 could not take advantage of the same traffic manipulation policies.

    Global Load Balance

    New Secondary Zone Type with Secure AXFR Synchronization via TSIG Authentication 8.0.1

    FortiADC introduces a new Secondary zone type to expand its DNS role beyond primary-only operation. Previously, FortiADC could act only as a primary DNS server, serving zone data to other secondaries. With this enhancement, it can also function as a secondary, synchronizing its DNS zone data from an upstream primary server using AXFR (Authoritative Zone Transfer). To enable secure synchronization, this release also adds support for TSIG (Transaction SIGnature) authentication, ensuring that AXFR transfers and NOTIFY messages are validated and accepted only from trusted servers. Together, these enhancements provide a more flexible, interoperable, and secure foundation for Global Server Load Balancing (GSLB).

    User-Defined Certificates and CA Verification for GSLB 8.0.1

    FortiADC now supports user-defined certificates and peer certificate verification for Global Server Load Balancing (GSLB). This enhancement strengthens authentication between GLB and SLB, mitigates man-in-the-middle (MITM) risks, and enables integration with enterprise PKI infrastructures. It also extends cipher suite support to include FIPS-compliant options, ensuring compliance with stricter security requirements.

    Network Security

    CLI Commands to Manage TCP DoS Block List 8.0.1

    FortiADC introduces two new CLI commands to manage entries in the TCP DoS block list:

    • execute dos get tcp-block-list displays source IPs currently blocked by a DoS profile, along with source port, destination, and remaining block time.

    • execute dos release tcp-block-list removes entries from the block list, either by source IP or all at once.

    These commands apply specifically to Layer 4 DoS protections that use the Period Block action, including TCP access flood protection and TCP slow-data attack protection. When these protections detect excessive or abnormal connection behavior, offending source IPs are temporarily blocked for the configured duration.

    Log & Report

    Traffic Log Enhancement 8.0.1

    The Traffic Log page has been completely redesigned to make log investigation faster, more flexible, and more intuitive. The new interface enables administrators to analyze large datasets without interruption, quickly isolate events using dynamic filters, and customize the log view to focus on the most relevant metrics. These enhancements streamline routine monitoring and accelerate troubleshooting across all traffic log types.

    Platform

    Expanded Local Certificate Group Member Limit 8.0.1

    FortiADC 8.0.1 increases the maximum number of Local Certificate Group Members from 256 to 1024. This change provides greater flexibility for large-scale deployments that manage extensive sets of local certificates within a single group.

    OpenSSL Upgrade to 3.3 8.0.1

    FortiADC 8.0.1 upgrades the OpenSSL library to version 3.3 to align with the latest security compliance requirements and upstream fixes.

    OCI DRCC support 8.0.1

    FortiADC-VM is supported in OCI Dedicated Region Cloud@Customer (DRCC). For more information, see Dedicated Region Cloud@Customer.

    Previous
    Next

    What's new

    What's new

    FortiADC 8.0.1 introduces enhancements and new features across various modules including Web Application Firewall, Server Load Balance, Global Load Balance, and more.

    More detailed information is available in the New Features Guide.

    Application Access Manager

    Agentless Application Gateway New Features 8.0.1

    FortiADC 8.0.1 introduces major new features to the Agentless Application Gateway (AAG), expanding its capabilities to publish internal web applications, enforce multi-factor authentication (MFA) at App Portal login, and improve portal usability with automatic language detection and customizable bookmark icons. These updates extend AAG to support browser-based access to internal resources such as intranet sites and collaboration platforms, providing secure, policy-driven delivery without the need for VPN software or client agents.

    Security Fabric

    Cisco ACI External Connector 8.0.1

    FortiADC now supports direct integration with Cisco ACI 5.2 through a new Cisco ACI SDN connector in the Security Fabric > External Connectors framework.

    This connector establishes a northbound API connection to the Cisco Application Policy Infrastructure Controller (APIC), enabling FortiADC to automatically discover and synchronize ACI tenants, application profiles, and endpoint groups (EPGs) with its own load-balancing configuration.

    By linking the application-centric visibility of Cisco ACI with FortiADC’s traffic management engine, this feature delivers adaptive, SDN-driven load balancing that evolves automatically with your data-center topology.

    FortiGate Security Fabric–Based Admin SSO 8.0.1

    FortiADC now supports administrator Single Sign-On (SSO) through FortiGate Security Fabric integration. When connected to the Security Fabric where FortiGate acts as the root, FortiADC can use the FortiGate as its SAML Identity Provider (IdP) for administrator authentication.

    System

    WAF Signature Staging 8.0.1

    FortiADC introduces support for WAF Signature Staging, providing a controlled process to evaluate newly released or modified FortiGuard attack signatures before they are enforced. With this capability, newly added or updated signatures are first placed in a Signature Staging list. Administrators can monitor these signatures as they trigger on live traffic and review their Matched status before deciding whether to apply or disable them—reducing false positives and smoothing production rollouts. This capability is supported with WAF Signature Database version 1.00063 and later.

    Disable Default Admin Account via CLI 8.0.1

    Administrators now have the option to disable the built-in admin account using the new CLI command set default-admin under config system global. This enhancement improves security and compliance by allowing organizations to prevent login with the default account once alternate administrator accounts have been created. When disabled, the admin account cannot log in, and any active sessions are immediately terminated.

    Socket Selection Hash Control via CLI 8.0.1

    FortiADC introduces a new CLI option, sip-to-same-sock, under config system global to control how sessions are hashed across sockets. By default, sessions with the same source IP, destination IP, and destination port (sip+dip+dport) are consistently directed to the same CPU, httproxy process, and listening socket. This ensures that related sessions remain on the same processing path.

    Server Load Balance

    Advanced mTLS Support with Enhanced Client Authentication and C3D 8.0.1

    FortiADC expands its mutual TLS (mTLS) capabilities with advanced features that strengthen security and improve deployment flexibility. mTLS requires both the client and server to authenticate each other using certificates, ensuring trusted, bidirectional communication.

    While FortiADC already supported basic mTLS, this release introduces advanced functions for greater control and interoperability:

    • Enhanced Client Authentication — Configurable authentication frequency and selective advertisement of trusted certificate authorities (CAs).

    • Client Certificate Constrained Delegation (C3D) — Allows FortiADC to issue delegated client certificates when forwarding traffic to backend servers, maintaining mutual TLS authentication while still enabling SSL decryption and inspection.

    Together, these enhancements provide administrators with fine-grained control over certificate handling, ensuring secure, verifiable mTLS chains on both the client- and server-facing sides of FortiADC.

    Advanced TCP Optimization and Transparent Proxy Support for L7 TCP Virtual Servers 8.0.1

    FortiADC extends its L7 TCP virtual server capabilities with support for transparent TCP proxying and advanced TCP optimization features. While transparent proxy modes (Layer 2 and Layer 3) were already available for other types of virtual servers, this enhancement makes them available for L7 TCP virtual servers, enabling inline deployments with full application-layer visibility and control. In addition, L7 TCP profiles now include per-connection tuning parameters and congestion control options, giving administrators precise control over throughput, efficiency, and reliability.

    Content Rewriting support for HTTP/3 and Backend HTTP/2 8.0.1

    FortiADC 8.0.1 extends the content rewriting functionality to HTTPS Virtual Servers that have HTTP/3 enabled on the frontend or Backend HTTP/2 enabled. Previously, content rewriting was limited to Virtual Servers with HTTP profiles, which meant services delivered over HTTP/3 or full end-to-end HTTP/2 could not take advantage of the same traffic manipulation policies.

    Global Load Balance

    New Secondary Zone Type with Secure AXFR Synchronization via TSIG Authentication 8.0.1

    FortiADC introduces a new Secondary zone type to expand its DNS role beyond primary-only operation. Previously, FortiADC could act only as a primary DNS server, serving zone data to other secondaries. With this enhancement, it can also function as a secondary, synchronizing its DNS zone data from an upstream primary server using AXFR (Authoritative Zone Transfer). To enable secure synchronization, this release also adds support for TSIG (Transaction SIGnature) authentication, ensuring that AXFR transfers and NOTIFY messages are validated and accepted only from trusted servers. Together, these enhancements provide a more flexible, interoperable, and secure foundation for Global Server Load Balancing (GSLB).

    User-Defined Certificates and CA Verification for GSLB 8.0.1

    FortiADC now supports user-defined certificates and peer certificate verification for Global Server Load Balancing (GSLB). This enhancement strengthens authentication between GLB and SLB, mitigates man-in-the-middle (MITM) risks, and enables integration with enterprise PKI infrastructures. It also extends cipher suite support to include FIPS-compliant options, ensuring compliance with stricter security requirements.

    Network Security

    CLI Commands to Manage TCP DoS Block List 8.0.1

    FortiADC introduces two new CLI commands to manage entries in the TCP DoS block list:

    • execute dos get tcp-block-list displays source IPs currently blocked by a DoS profile, along with source port, destination, and remaining block time.

    • execute dos release tcp-block-list removes entries from the block list, either by source IP or all at once.

    These commands apply specifically to Layer 4 DoS protections that use the Period Block action, including TCP access flood protection and TCP slow-data attack protection. When these protections detect excessive or abnormal connection behavior, offending source IPs are temporarily blocked for the configured duration.

    Log & Report

    Traffic Log Enhancement 8.0.1

    The Traffic Log page has been completely redesigned to make log investigation faster, more flexible, and more intuitive. The new interface enables administrators to analyze large datasets without interruption, quickly isolate events using dynamic filters, and customize the log view to focus on the most relevant metrics. These enhancements streamline routine monitoring and accelerate troubleshooting across all traffic log types.

    Platform

    Expanded Local Certificate Group Member Limit 8.0.1

    FortiADC 8.0.1 increases the maximum number of Local Certificate Group Members from 256 to 1024. This change provides greater flexibility for large-scale deployments that manage extensive sets of local certificates within a single group.

    OpenSSL Upgrade to 3.3 8.0.1

    FortiADC 8.0.1 upgrades the OpenSSL library to version 3.3 to align with the latest security compliance requirements and upstream fixes.

    OCI DRCC support 8.0.1

    FortiADC-VM is supported in OCI Dedicated Region Cloud@Customer (DRCC). For more information, see Dedicated Region Cloud@Customer.

    Previous
    Next