What's new
FortiDDoS-F 6.4.0 offers the following new features and enhancements:
New options added to the DNS profile
- Domain Reputation includes Malicious URLs, Botnet Domains and (new) Bitcoin Mining Domains.
- Options When No Cache Match now include Force TCP, Forward to Server and (new) Drop.
Enhancement to Dashboard > Status > System Information Panel
For appliances, the Dashboard > Status > System Information Panel now allows you to toggle the bypass ports between inline and bypass by clicking the Bypass Status information.
Enhancements to Dashboard widgets and panels
Most Dashboard widgets and panels can now be pinned to show additional information and expanded to full screen for easier viewing.
QUIC support
- New QUIC Profile which includes Anomaly checks and two handshake checks (Reflection Deny usable only with symmetric Traffic).
- New QUIC Thresholds and graphs for Initial Request, that include Request Initial packet rate Threshold, Request Initial packet per Source Threshold, and Response Initial packet rate Threshold.
- Dashboard > Data Path Resources now includes table occupancy for QUIC sessions.
Reports improvements
- You can now generate reports per SPP or any group of SPPs.
- Report periods now range from 1 hour to 1 year.
- You can now generate a report when a drop threshold is exceeded. The report will be for the previous 5 minutes regardless of the selected Report Period. Multiple Reports with different drop thresholds are allowed.
Enhancement to DDoS Attack Log
The Log and Report > Logs > DDoS Attack Log has moved the Direction and SPP filters outside of the "Add Filter" menu for easier selection.
Enhancement to Anomaly Drop Graphs
The Monitor > Drops Monitor > SPP > Anomaly Drop Graphs now shows directionality for all graphs except for Aggregate graphs.
FORTINET-CORE-MIB and FORTINET-FORTIDDOS-MIB support
From 6.4.0 onward, the FORTINET-CORE-MIB and FORTINET-FORTIDDOS-MIB are included in the build and FortiCare download folders.
HTTP flow improvements
Current HTTP packets can be very long due to client cookies, resulting in truncated (segmented/fragmented) packets. FortiDDoS has now changed the way it detects HTTP flows so that Anomalies for Known Methods, Unknown Methods and Version are detected on the HTTP flow and not packet by packet. HTTP Incomplete Request Action should remain "None" since FortiDDoS cannot determine where the correct message end string is in multi-packet flows.
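The difference between packet-by-packet and per-flow checks, as an added example that is not FortiDDoS code: a request with a long cookie is split into TCP-sized payloads, and a checker that parses every payload as a new request flags the continuation segments, while a checker that inspects the request line once per flow does not. The method list, anomaly labels, MSS, buffer cap, addresses and sample requests are all assumptions made for the illustration, and one request per flow is assumed.

```python
from collections import defaultdict

# All names, limits and sample traffic below are constructed for illustration.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
KNOWN_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
MSS = 1460            # assumed TCP payload size per segment
MAX_LINE = 8192       # assumed cap on buffered bytes while waiting for CRLF

def check_request_line(data):
    """Return anomaly labels for the request line at the start of data."""
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    found = []
    if parts[0] not in KNOWN_METHODS:
        found.append("unknown-method")
    if len(parts) != 3 or parts[-1] not in KNOWN_VERSIONS:
        found.append("invalid-version")
    return found

def segment(request, mss=MSS):
    """Split one request into TCP-sized payloads, as a long cookie forces."""
    return [request[i:i + mss] for i in range(0, len(request), mss)]

def per_packet(packets):
    """Treat every payload as the start of a request (misfires on segments)."""
    return [(i, a) for i, (_, p) in enumerate(packets) for a in check_request_line(p)]

def per_flow(packets):
    """Check the request line once per flow; skip continuation segments."""
    pending, checked, findings = defaultdict(bytes), set(), []
    for i, (flow, payload) in enumerate(packets):
        if flow in checked:
            continue
        pending[flow] += payload
        if b"\r\n" in pending[flow] or len(pending[flow]) > MAX_LINE:
            findings += [(i, a) for a in check_request_line(pending.pop(flow))]
            checked.add(flow)
    return findings

FLOW_A = ("198.51.100.7", 40000, "203.0.113.10", 80)
FLOW_B = ("198.51.100.8", 40001, "203.0.113.10", 80)
LONG = (b"GET /account HTTP/1.1\r\nHost: example.test\r\nCookie: session="
        + b"A" * 3000 + b"\r\n\r\n")
BAD = b"FROB / HTTP/1.1\r\nHost: example.test\r\n\r\n"
PACKETS = [(FLOW_A, s) for s in segment(LONG)] + [(FLOW_B, BAD)]

if __name__ == "__main__":
    print("per-packet:", per_packet(PACKETS))
    print("per-flow:  ", per_flow(PACKETS))
```

The per-packet pass reports anomalies on the two cookie continuation segments of the valid request, whereas the per-flow pass reports only the request with the unrecognised method.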
Enhancements to LDAPS/STARTTLS
LDAPS/STARTTLS now has additional support for CLI logins.
New CLI command: execute restapi-restart
The new CLI command execute restapi-restart is introduced to resolve reported issues of the GUI "freezing" on the login screen after a successful login.