Fortinet black logo

Handbook

Networking

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:404830
Download PDF

Networking

This section introduces new networking features in FortiOS 6.0.

SD-WAN improvements

FortiOS 6.0 introduces the following SD-WAN features:

  • Multiple server support for health checks
  • Internet service groups
  • Bandwidth options in SD-WAN rules
  • Custom profiles in SD-WAN rules
  • DSCP tagging of forwarded packets in SD-WAN rules

For more information, see SD-WAN.

Multipath intelligence and performance SLAs

SD-WAN performance Service-Level Agreements (SLAs) incorporate multilayer SLA monitoring of link selection. To help handle emergency load or outages you can select links based on weight and SLA priority and then return to defaults once the network stabilizes. Also, traffic shaping and application intelligence have been added to the SD-WAN configuration, which gives you more control of SD-WAN traffic.

For more information, see SD-WAN.

Application awareness

You can now use application control and application control group options in SD-WAN rules.

Internet Service support is also increased from a single Internet Service to Internet Service groups.

For more information, see SD-WAN.

BGP dynamic routing and IPv6 support for SD-WAN

FortiOS 6.0 introduces support for dynamic router for an SD-WAN configuration. You can set up a route map and add a route tag to the route map. Then, you can create an SD-WAN configuration, a health check, and a service for it. When you create the service, you add the configured route tag that you created in the route map to the service.

For more information, see SD-WAN.

Interface-based traffic shaping

In FortiOS 6.0, you can now enable traffic shaping on an interface. Interface-based traffic shaping allows you to enforce bandwidth limits by traffic type for individual interfaces.

Cloud-assisted one-click VPN

One-click VPN (OCVPN) is a cloud-based solution that greatly simplifies the provisioning and configuration of IPsec VPN. The administrator enables OCVPN with a single click, adds the required subnets, and then the configuration is complete. The OCVPN updates each FortiGate automatically as devices join and leave the VPN, as subnets are added and removed, when dynamic external IP addresses change (for example, DHCP or PPPoE), and when WAN interface bindings change (as in the case of dual WAN redundancy).

For more information, see One-Click VPN (OCVPN).

IPv6 enhancements

The following new IPv6 features have been added.

  • IPv6 captive portal
  • IPv6 FQDN and wildcard firewall addresses
  • IPv6 ISIS dynamic routing
  • DHCPv6 server prefix delegation
  • IPv6 DFD and VRRP

For more information, see IPv6.

NAT enhancements

The following new NAT features have been added.

  • Central source NAT (SNAT) policies now include a comment field
  • Port block allocation timeout is configurable
  • NAT46 IP pools
  • VRRP HA supports firewall virtual IPs (VIPs) and IP pools

For more information, see NAT.

EMAC-VLAN support

The media access control (MAC) virtual local area network (VLAN) feature in Linux allows you to configure multiple virtual interfaces with different MAC addresses (and therefore different IP addresses) on a physical interface.

For more information, see Enhanced MAC VLANs.

Networking

This section introduces new networking features in FortiOS 6.0.

SD-WAN improvements

FortiOS 6.0 introduces the following SD-WAN features:

  • Multiple server support for health checks
  • Internet service groups
  • Bandwidth options in SD-WAN rules
  • Custom profiles in SD-WAN rules
  • DSCP tagging of forwarded packets in SD-WAN rules

For more information, see SD-WAN.

Multipath intelligence and performance SLAs

SD-WAN performance Service-Level Agreements (SLAs) incorporate multilayer SLA monitoring of link selection. To help handle emergency load or outages you can select links based on weight and SLA priority and then return to defaults once the network stabilizes. Also, traffic shaping and application intelligence have been added to the SD-WAN configuration, which gives you more control of SD-WAN traffic.

For more information, see SD-WAN.

Application awareness

You can now use application control and application control group options in SD-WAN rules.

Internet Service support is also increased from a single Internet Service to Internet Service groups.

For more information, see SD-WAN.

BGP dynamic routing and IPv6 support for SD-WAN

FortiOS 6.0 introduces support for dynamic router for an SD-WAN configuration. You can set up a route map and add a route tag to the route map. Then, you can create an SD-WAN configuration, a health check, and a service for it. When you create the service, you add the configured route tag that you created in the route map to the service.

For more information, see SD-WAN.

Interface-based traffic shaping

In FortiOS 6.0, you can now enable traffic shaping on an interface. Interface-based traffic shaping allows you to enforce bandwidth limits by traffic type for individual interfaces.

Cloud-assisted one-click VPN

One-click VPN (OCVPN) is a cloud-based solution that greatly simplifies the provisioning and configuration of IPsec VPN. The administrator enables OCVPN with a single click, adds the required subnets, and then the configuration is complete. The OCVPN updates each FortiGate automatically as devices join and leave the VPN, as subnets are added and removed, when dynamic external IP addresses change (for example, DHCP or PPPoE), and when WAN interface bindings change (as in the case of dual WAN redundancy).

For more information, see One-Click VPN (OCVPN).

IPv6 enhancements

The following new IPv6 features have been added.

  • IPv6 captive portal
  • IPv6 FQDN and wildcard firewall addresses
  • IPv6 ISIS dynamic routing
  • DHCPv6 server prefix delegation
  • IPv6 DFD and VRRP

For more information, see IPv6.

NAT enhancements

The following new NAT features have been added.

  • Central source NAT (SNAT) policies now include a comment field
  • Port block allocation timeout is configurable
  • NAT46 IP pools
  • VRRP HA supports firewall virtual IPs (VIPs) and IP pools

For more information, see NAT.

EMAC-VLAN support

The media access control (MAC) virtual local area network (VLAN) feature in Linux allows you to configure multiple virtual interfaces with different MAC addresses (and therefore different IP addresses) on a physical interface.

For more information, see Enhanced MAC VLANs.