What's New in FortiDDoS 7.x

7.0.0

FortiDDoS 7.0.0 offers the following new features:

GUI and Graph updates

The following updates were made to the FortiDDoS-F GUI and graphs.

General:

  • Users may see minor changes on many pages as we update the GUI framework. Be sure to clear the browser cache after upgrading, or use Incognito/Private mode when accessing the FortiDDoS GUI.

  • Improvement in UI performance, particularly for VMs.

  • Improved positioning of tool-tip information panel for easier graph viewing.

System Management:

  • Certificate Type added to System > Certificates table for clarification.

Service Protection:

  • ICMP Type Code table index columns are removed to reduce confusion.

  • In the DNS Profile, FQDN Files, FQDN List and FQDN RegEX are displayed separately for simultaneous use, but all three (Files, List, and RegEX) must be collectively set as Allow or Deny; they are not independent.

  • DNS Graphs have been divided, resulting in fewer subgraphs per display for improved visibility.

  • FQDN Allowlist drops now show as an attack event: DNS UDP/TCP Query Dropped under flood (FQDN Allow list unmatched).

  • SSL/TLS Version Anomaly has been redesigned for better functionality. Users can now select the version(s) to be blocked.

Monitor:

  • Main Menu Monitor > Interfaces is moved to Monitor > TRAFFIC MONITOR > Interfaces for more logical progression.

  • ACL Search response now shows the associated SPP Detection/Prevention Mode in each direction.

Log and Report:

  • Additional search options, including log text search, are now available on Event and Attack Log pages.

  • CSV download of the pre-sorted logs from the Attack Details page in Top Attacks SPP is available.

  • An additional default table is added to Reports, displaying the Detection/Prevention Mode status in each direction for all SPPs.

  • The GUI side-panel used for Attack Log details is now also used in Top Attacks Detail page for easier log browsing.

  • On-demand, Scheduled, and Attack Threshold Reports now display Top 20 matching events per table (from previous top 10).

Expanded support for UDP Service Ports to include "low" ports
  • FortiDDoS designates ports 1-9999 as "service" ports. Traffic using ports >9,999 is linked to the corresponding service port (e.g., 443). With rising UDP traffic, distinguishing between "intermediate" ports (1024-9999) becomes challenging. Release 7.0.0 allows users to add "low" ports as UDP Service Ports. Please see typical UDP service ports in the Service Port documentation. It's advised to include known UDP Reflection ports for better flood detection (e.g., UDP 1900 to 3513). Refer to the Service Protection Policy documentation for details.

Inter-appliance HA protocol change
  • The inter-appliance HA protocol has changed. While unlikely, this might affect existing HA users.

  • High Availability (HA) is optimized for balanced traffic across two data centers. In normal operation, both appliances in the HA pair are set to Fail Closed, allowing traffic to switch to the alternate link or appliance in the event of a link or system failure. If one appliance loses the HA heartbeat from the other, it transitions to a Primary state but changes its failure mode from Fail Closed to Fail-Open. This adjustment prevents traffic blockage in the rare occurrence of a dual system failure.

Increased syslog support
  • Event and Attack Syslogs now support RFC 5424 and FortiAnalyzer encrypted formats.

Profile addition
  • A Video Conference Profile has been added. The first conference service is Zoom.

Network Diagnostics expansion
  • A new addition to the Network menu is the Diagnostics item, offering a deep packet trace for troubleshooting purposes. Please employ this feature only under the guidance of Fortinet technical staff.

Fail-Closed enhancements
  • Fail-Closed functionality in version 6.5.0 had an issue where, in Fail-Closed Mode, the link would briefly block traffic but then revert to Fail-Open. To address this, the functionality was reverted to that of 6.4.x. Fail-Closed Mode now works correctly, but manual bypass does not work in this mode. Users must switch to Fail-Open, manually bypass, and then revert to Fail-Closed after removing the manual bypass. A warning is shown when a manual bypass is attempted in Fail-Closed Mode.

Management Port TLS configuration update
  • Management Port TLS versions allowed are now explicitly configured for TLS 1.1, 1.2, or 1.3. All are allowed by default.

Domain Reputation enhancements
  • A new Domain Reputation Category is available to block IPs that are at high risk of supporting DNS Tunneling.

SPP upgrade
  • It is now possible to include GRE endpoints in an SPP. By assigning configured GRE endpoints to a specific SPP, a highly effective DDoS protection mechanism is achieved, as this SPP should only handle GRE Layer 3 Protocol 47 and ICMP traffic.

Permission updates
  • Permission changes have been made for admin and global-admin users. Please see the handbook for details.
