Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiADC 8.0.2 Administration Guide
    8.0.2
    8.0.2
    8.0.1
    8.0.0
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0

    Layer 7 capabilities for HTTP/HTTPS traffic

    Layer 7 capabilities for HTTP/HTTPS traffic

    FortiADC provides full-featured support for HTTP/HTTPS traffic, combining secure protocol handling with advanced application delivery, visibility, and optimization.

    Packet Processing

    We will introduce FortiADC’s HTTP/HTTPS packet processing capabilities from the following perspectives:

    SSL offloading (If HTTPS is used)

    • Terminates incoming HTTPS connections, decrypts the content for inspection and optimization, and optionally re-encrypts when forwarding to the back-end.

    • Acts as a secure proxy, presenting server certificates on behalf of applications—centralizing certificate management and simplifying compliance.

    HTTP2 and HTTP3 support

    Supports next-gen protocols (HTTP/2 and HTTP/3), enabling multiplexing, better latency, and improved mobile performance.

    Compression & Decompression

    Speeds up content delivery by compressing HTTP payloads (GZIP, Deflate) and decompressing if needed.

    Caching

    Reduces back-end load and latency by caching static or semi-static content.

    Content Rewriting

    FortiADC allows you to modify content within HTTP and HTTPS requests/responses using content rewriting policies. This can include:

    • Header Rewriting: Add, remove, or replace HTTP headers (e.g., Server, Set-Cookie, etc.).

    • URL Rewriting: Change URL paths or query parameters on-the-fly.

    • Redirects: Implement conditional HTTP redirects.

    Resilient connection handling

    • Multiple timeout settings manage every stage of HTTPS session lifecycle, from initial connection to request processing, ensuring graceful failover and efficient resource use.

    • Requests waiting due to server overload are queued and served or dropped based on queue timeout settings.

    • Can maintain session stability even when one side closes, useful in mobile or distributed environments.

    • Supports HTTP Keepalive to reuse connections for multiple requests—reducing handshake overhead and improving response time.

    Advanced buffer and header tuning

    Advanced options like buffer size and max header count allow tuning for high-performance or high-concurrency environments.

    Client IP preservation

    Maintains client IP visibility via:

    • Transparent source IP pass-through (when Client Address is enabled)

    • X-Forwarded-For header injection

    Content Routing

    Routing content based on HTTP Host Header, HTTP Request URL, HTTP Referer Header, Source IP address, SNI.

    Load Balancing Methods

    Round Robin, Least Connection, URI Hash, Full URI Hash, Host Hash, Host Domain Hash, Dynamic Load

    Persistence

    Source Address, Source Address Hash, Source Address-Port Hash, HTTP Header Hash, HTTP Request Hash, Cookie Hash, Persistent Cookie, Insert Cookie, Embedded Cookie, Rewrite Cookie, SSL Session ID (HTTPS only), Passive Cookie

    Security Check

    • Antivirus

    • DoS prevention

    • IP Reputation

    • Geo IP-based access control

    • WAF checks including SQL/XSS injection check, signature-based inspection, anomaly detection, bot mitigation, API Protection, etc.

    Previous
    Next

    Layer 7 capabilities for HTTP/HTTPS traffic

    Layer 7 capabilities for HTTP/HTTPS traffic

    FortiADC provides full-featured support for HTTP/HTTPS traffic, combining secure protocol handling with advanced application delivery, visibility, and optimization.

    Packet Processing

    We will introduce FortiADC’s HTTP/HTTPS packet processing capabilities from the following perspectives:

    SSL offloading (If HTTPS is used)

    • Terminates incoming HTTPS connections, decrypts the content for inspection and optimization, and optionally re-encrypts when forwarding to the back-end.

    • Acts as a secure proxy, presenting server certificates on behalf of applications—centralizing certificate management and simplifying compliance.

    HTTP2 and HTTP3 support

    Supports next-gen protocols (HTTP/2 and HTTP/3), enabling multiplexing, better latency, and improved mobile performance.

    Compression & Decompression

    Speeds up content delivery by compressing HTTP payloads (GZIP, Deflate) and decompressing if needed.

    Caching

    Reduces back-end load and latency by caching static or semi-static content.

    Content Rewriting

    FortiADC allows you to modify content within HTTP and HTTPS requests/responses using content rewriting policies. This can include:

    • Header Rewriting: Add, remove, or replace HTTP headers (e.g., Server, Set-Cookie, etc.).

    • URL Rewriting: Change URL paths or query parameters on-the-fly.

    • Redirects: Implement conditional HTTP redirects.

    Resilient connection handling

    • Multiple timeout settings manage every stage of HTTPS session lifecycle, from initial connection to request processing, ensuring graceful failover and efficient resource use.

    • Requests waiting due to server overload are queued and served or dropped based on queue timeout settings.

    • Can maintain session stability even when one side closes, useful in mobile or distributed environments.

    • Supports HTTP Keepalive to reuse connections for multiple requests—reducing handshake overhead and improving response time.

    Advanced buffer and header tuning

    Advanced options like buffer size and max header count allow tuning for high-performance or high-concurrency environments.

    Client IP preservation

    Maintains client IP visibility via:

    • Transparent source IP pass-through (when Client Address is enabled)

    • X-Forwarded-For header injection

    Content Routing

    Routing content based on HTTP Host Header, HTTP Request URL, HTTP Referer Header, Source IP address, SNI.

    Load Balancing Methods

    Round Robin, Least Connection, URI Hash, Full URI Hash, Host Hash, Host Domain Hash, Dynamic Load

    Persistence

    Source Address, Source Address Hash, Source Address-Port Hash, HTTP Header Hash, HTTP Request Hash, Cookie Hash, Persistent Cookie, Insert Cookie, Embedded Cookie, Rewrite Cookie, SSL Session ID (HTTPS only), Passive Cookie

    Security Check

    • Antivirus

    • DoS prevention

    • IP Reputation

    • Geo IP-based access control

    • WAF checks including SQL/XSS injection check, signature-based inspection, anomaly detection, bot mitigation, API Protection, etc.

    Previous
    Next