Fortinet black logo

Release Notes

Home FortiDDoS-F 6.3.1 Release Notes
6.3.1
7.0.0
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.2
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0

6.3.0 What's new

6.3.0 What's new

FortiDDoS-F 6.3.0 offers the following new features and enhancements:

DNS Profile enhancements

  • Added FQDN Allow/Blocklist file upload, manual entry, and regex entries.

  • FortiDDoS-F now supports DNS "0x20" mixed case FQDNs.

New DNS Header Anomaly

Incomplete DNS can now be used to block non-DNS traffic to Port 53.

DNSSEC enhancements

FortiDDoS-F has added DNSSEC inspection, anomaly and mitigation options.

UDP Service Ports monitor

User-entered UDP Service Ports over 9999 are now monitored for possible reflection floods.

New graphs and tables on FortiGate Security Fabric Dashboard

FortiDDoS-F now supports the following graphs and tables on FortiGate Security Fabric Dashboard: System Information, Data Path Resources, Aggregate Drops and Top Attacks.

SSL/TLS traffic inspection

FortiDDoS-F 1500F can now inspect SSL/TLS traffic for all HTTP Anomalies and Thresholds. Proper SSL Certificates are required.

Note: This is experimental in 6.3.0 and performance has not been confirmed.

LDAP, RADIUS, TACACS+ remote password authentication

LDAP, RADIUS, TACACS+ remote password authentication is now available with local username, profile and trusted hosts settings. This now supports GUI, CLI and Console logins.

TCP Profile enhancement

TCP Profile now adds Foreign Packet Threshold when Foreign Packet Validation is enabled.

New IP Reputation options

Added Phishing, Spam and TOR (exit nodes) Categories to IP Reputation options.

Debug enhancements

  • Debug file now has CUSTOMER folder which includes: Config, Attack logs, Thresholds, Protection Subnets list (event log in MySQL format to be improved in a later release). Do not use Offline Analysis file.

  • Additional debug logs are added for SNMP.

Packet Capture enhancements

Additional packet capture options are now available.

System time change in Event Log

An Event Log is now added when admin changes system time.

Out of Memory (OOM) conditions

Out of Memory (OOM) conditions are optionally set to pass traffic (bypass - default) or block packets. Please see documentation for conditions that may result in OOM drops.

New RRD troubleshooting and repair CLI commands

Additional RRD troubleshooting and repair CLI commands are now available.

execute create-spp-rrd spp_id 15 among others

check_stale_rrd_files

New User (admin) options

Additional menu items added to the User (admin) drop-down in the GUI:

  • System: Reboot / Shutdown

  • Configuration Backup / Restore

  • Change Password

GUI enhancements

  • Additional special characters are allowed for admin users: a-Z -9_.-*@.

  • Data Port Speed and Duplex settings are shown on Network > Interface page.

  • Global ACL names are included in graphs.

  • Enabled/Disabled status of Global and SPP ACLs is displayed in ACL lists.

  • Variable column widths and text wrapping is added to Dashboard > Status > Top Attacks panel, for improved readability of attack events.

  • Link speed addition to Network GUI.

  • Bypass status icon and inline/bypass text is added to the Dashboard > Status > System Information panel.

  • Filter conditions for several parameter lists (ACLs, Network Ports, etc.) are improved.

  • Network > Interface list can be filtered by Link Status and Config Status (for Port-Pairs and Ports).

  • Improved GUI for System >SNMP > v1/v2/v3.

  • A spinning "loading" icon is shown when the system is building list pages, such as Attack Logs.

  • For most column based lists, clicking the settings () icon in the list header allows the user to customize the columns shown.

  • Dashboard > SPP adds a column for SPP Status (Enable/Disabled).

Previous
Next

6.3.0 What's new

FortiDDoS-F 6.3.0 offers the following new features and enhancements:

DNS Profile enhancements

  • Added FQDN Allow/Blocklist file upload, manual entry, and regex entries.

  • FortiDDoS-F now supports DNS "0x20" mixed case FQDNs.

New DNS Header Anomaly

Incomplete DNS can now be used to block non-DNS traffic to Port 53.

DNSSEC enhancements

FortiDDoS-F has added DNSSEC inspection, anomaly and mitigation options.

UDP Service Ports monitor

User-entered UDP Service Ports over 9999 are now monitored for possible reflection floods.

New graphs and tables on FortiGate Security Fabric Dashboard

FortiDDoS-F now supports the following graphs and tables on FortiGate Security Fabric Dashboard: System Information, Data Path Resources, Aggregate Drops and Top Attacks.

SSL/TLS traffic inspection

FortiDDoS-F 1500F can now inspect SSL/TLS traffic for all HTTP Anomalies and Thresholds. Proper SSL Certificates are required.

Note: This is experimental in 6.3.0 and performance has not been confirmed.

LDAP, RADIUS, TACACS+ remote password authentication

LDAP, RADIUS, TACACS+ remote password authentication is now available with local username, profile and trusted hosts settings. This now supports GUI, CLI and Console logins.

TCP Profile enhancement

TCP Profile now adds Foreign Packet Threshold when Foreign Packet Validation is enabled.

New IP Reputation options

Added Phishing, Spam and TOR (exit nodes) Categories to IP Reputation options.

Debug enhancements

  • Debug file now has CUSTOMER folder which includes: Config, Attack logs, Thresholds, Protection Subnets list (event log in MySQL format to be improved in a later release). Do not use Offline Analysis file.

  • Additional debug logs are added for SNMP.

Packet Capture enhancements

Additional packet capture options are now available.

System time change in Event Log

An Event Log is now added when admin changes system time.

Out of Memory (OOM) conditions

Out of Memory (OOM) conditions are optionally set to pass traffic (bypass - default) or block packets. Please see documentation for conditions that may result in OOM drops.

New RRD troubleshooting and repair CLI commands

Additional RRD troubleshooting and repair CLI commands are now available.

execute create-spp-rrd spp_id 15 among others

check_stale_rrd_files

New User (admin) options

Additional menu items added to the User (admin) drop-down in the GUI:

  • System: Reboot / Shutdown

  • Configuration Backup / Restore

  • Change Password

GUI enhancements

  • Additional special characters are allowed for admin users: a-Z -9_.-*@.

  • Data Port Speed and Duplex settings are shown on Network > Interface page.

  • Global ACL names are included in graphs.

  • Enabled/Disabled status of Global and SPP ACLs is displayed in ACL lists.

  • Variable column widths and text wrapping is added to Dashboard > Status > Top Attacks panel, for improved readability of attack events.

  • Link speed addition to Network GUI.

  • Bypass status icon and inline/bypass text is added to the Dashboard > Status > System Information panel.

  • Filter conditions for several parameter lists (ACLs, Network Ports, etc.) are improved.

  • Network > Interface list can be filtered by Link Status and Config Status (for Port-Pairs and Ports).

  • Improved GUI for System >SNMP > v1/v2/v3.

  • A spinning "loading" icon is shown when the system is building list pages, such as Attack Logs.

  • For most column based lists, clicking the settings () icon in the list header allows the user to customize the columns shown.

  • Dashboard > SPP adds a column for SPP Status (Enable/Disabled).

Previous
Next