FortiGate / FortiOS

FortiManager

FortiAnalyzer

Administration Guide

Introduction
Key Concepts and Features
- Server load balancing
- Link load balancing
- Global load balancing
- Security
- High availability
- Virtual Domain (VDOM) and Administrative Domain (ADOM)
FortiADC's role and placement in network topology
- Choosing the right deployment: Layer 2, Layer 4, and Layer 7 traffic processing
- Layer 2 deployment mode (Inline Transparent Deployment)
- Layer 4 Deployment modes
- Layer 7 deployment mode (Reverse Proxy Deployment)
Getting Started
- Step 1: Install the appliance
- Step 2: Configure the management interface
- Step 3: Configure basic network settings
- Step 4: Test connectivity to destination servers
- Step 5: Complete product registration, licensing, and upgrades
- Step 6: Configure a basic server load balancing policy
- Step 7: Test the deployment
- Step 8: Back up the configuration
FortiAI Assistant
- Enabling Administrator Access to FortiAI
- Using FortiAI
- Generating Lua Scripts with Text-to-Script
- FortiAI Tokens and Licensing
- FortiAI Data Privacy and Security
- FortiAI Example Tasks
Dashboard
- Widgets
- Dashboard management tools
Security Fabric
- Automation
- Fabric connectors
- External connectors
FortiView
- Logical Topology
- Server Load Balance
- Security
- System
  - Event Logs
  - Automation
- Global Load Balance
  - Host
  - Data Analytics
- Link Load Balance
  - Gateway
- ZTNA FortiClient endpoint
- AAG User Sessions
System
- Settings
- Cloud Auto Scaling
- Azure LB Backend
- Virtual Domain
- High Availability
- Traffic Group
- Administrator
- Global Resources
- WCCP
- SNMP
- Replacement Messages
- FortiGuard
- Debug
- Certificate
- Feature Visibility
Network
- Interface
- Routing
- NAT
  - Configuring source NAT
  - Configuring 1-to-1 NAT
- QoS
- Packet capture
Shared Resources
- Health Check
- Schedule Group
- Address
- Service
  - Creating service groups
  - Creating service objects
Server Load Balance
- Virtual Server
- Application Resources
- Application Optimization
- Real Server Pool
- Scripting
  - Using HTTP scripting
    - Waiting Room for virtual queuing
  - Using Stream scripting
- SSL-FP Resources
Link Load Balance
- Link Policy
- Link Group
- Virtual Tunnel
Global Load Balance
- GLB Wizard
- FQDN
- Zone Tools
- Global Object
Web Application Firewall
- OWASP TOP10
- WAF Profile
- Known Web Attacks
  - Configuring a Web Attack Signature policy
  - Using the Signature Creation Wizard
- Common Attacks Detection
- Sensitive Data Protection
  - Configuring a Cookie Security policy
  - Configuring an HTTP Header Security policy
- Data Loss Prevention
- Input Validation
- Access Protection
- CORS Protection
- API Protection
- Bot Mitigation
- Web Vulnerability Scanner
WAF Adaptive Learning
- Configuring an Adaptive Learning policy
- Viewing Adaptive Learning Analysis and Recommendation
- Practical Applications of Adaptive Learning
- Adaptive Learning troubleshooting and debugging
Advanced Bot Protection (ABP)
- Enabling the Advanced Bot Protection connector
- Obtaining the Application ID from the FortiGuard ABP User Portal
- Configuring an Advanced Bot Protection policy
- Advanced Bot Protection troubleshooting and debugging
Network Security
- Firewall
- Intrusion Prevention
- AntiVirus
- IP Reputation
- Geo IP Protection
- DoS Protection
Zero Trust Network Access (ZTNA)
- How device identity and trust context is established with FortiClient EMS
- Configuring FortiClient EMS Connector for ZTNA
- Verifying client certificate, FortiClient endpoint and ZTNA tag synchronized from FortiClient EMS
- Configuring a ZTNA Profile
- ZTNA troubleshooting and debugging
Application Access Manager
- Access Policy
- Agentless Application Gateway (AAG)
- User Authentication
Log & Report
- Using the traffic log
- Using the security log
- Using the script log
- Log Setting
- Report Setting
AI Threat Analytics
- AI Threat Analytics troubleshooting and debugging
SSL Advanced Services
- SSL offloading
- SSL decryption by forward proxy
- SSL profile configurations
- Certificate guidelines
- SSL/TLS versions and cipher suites
- Exceptions list
- SSL traffic mirroring
- HSM Integration
Best Practices and Fine-tuning
- Regular backups
  - Rebooting, resetting, and shutting down the system
  - SCP support for configuration backup
- Security
- Performance tips
- High availability
FortiADC Use Cases
- DNS Load Balancing and DDoS Protection
- Global Server Load Balancing in Hybrid Environments
- Selecting the Optimal Mode: VDOM vs. ADOM
- SAP Application Integration
- Multi-Cloud Application Load Balancing
- Leveraging DevOps Tools (Ansible/Terraform) to Manage FortiADC
Troubleshooting
- Logs
- Tools
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
- Additional resources
Appendices
- Maximum Configuration Values
- Supported image versions for EOS models
Change Log

Home FortiADC 8.0.2 Administration Guide

8.0.2

Layer 7 capabilities for Diameter traffic

Diameter is a protocol used primarily for authentication, authorization, and accounting (AAA) in telecom networks (e.g., LTE, 5G). FortiADC provides application-aware control for Diameter traffic, allowing selective modification and session handling.

Packet Processing
Content Routing
Load Balancing Methods
Persistence
Security Check

Packet Processing

Application-Layer Attribute Rewriting

FortiADC allows modification of critical Diameter AVPs (Attribute-Value Pairs), including Origin-Host, Origin-Realm, Vendor-ID, and Product-Name.

Session Handling and Timeout

FortiADC supports Idle Timeout configurable up to 86,400 seconds (24 hours). This controls session persistence.
FortiADC can keep the client connection alive even if the server closes its side. This ensures resilience in mobile core or AAA networks where clients expect persistent sessions.

Security

FortiADC can enable TLS encryption for Diameter messages on the client side. This is useful for securing AAA communications in environments that require encrypted Diameter signaling (e.g., Diameter over TLS as per 3GPP standards).

Content Routing

FortiADC doesn't support content routing for Diameter traffic.

Load Balancing Methods

Round Robin

Persistence

Source Address, Diameter Session ID (default)

Security Check

FortiADC doesn't support security check for Diameter traffic.

Layer 7 capabilities for Diameter traffic

Packet Processing
Content Routing
Load Balancing Methods
Persistence
Security Check

Packet Processing

Application-Layer Attribute Rewriting

FortiADC allows modification of critical Diameter AVPs (Attribute-Value Pairs), including Origin-Host, Origin-Realm, Vendor-ID, and Product-Name.

Session Handling and Timeout

FortiADC supports Idle Timeout configurable up to 86,400 seconds (24 hours). This controls session persistence.
FortiADC can keep the client connection alive even if the server closes its side. This ensures resilience in mobile core or AAA networks where clients expect persistent sessions.

Security

Content Routing

FortiADC doesn't support content routing for Diameter traffic.

Load Balancing Methods

Round Robin

Persistence

Source Address, Diameter Session ID (default)

Security Check

FortiADC doesn't support security check for Diameter traffic.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Administration Guide

Layer 7 capabilities for Diameter traffic

Layer 7 capabilities for Diameter traffic

Packet Processing

Content Routing

Load Balancing Methods

Persistence

Security Check

Layer 7 capabilities for Diameter traffic

Layer 7 capabilities for Diameter traffic

Packet Processing

Content Routing