What’s new
FortiTester 7.0.0 offers the following new features and enhancements:
New GUI
FortiTester v7.0 has a brand new GUI interface for enhanced usability and experience. While most items are unchanged but users will find a similar “FortiOS” experience in selection and searching. Noticeably multi-selection will involve the use of mouse and the shift key, rather than use of checkboxes in previous versions.
Support for Fortinet Security Fabric
FortiTester 7.0.0 will have the ability to connect to FortiOS security Fabric and display data such as system information in FortiOS as a widget, which will also appear in physical and logical topology in FortiOS. For detailed configuration, please refer to the administration guide. Here are some key settings in FortiTester and how it appears in FortiGate.
You can set the configuration up in the console.
Screen on FortiGate:
Function Enhancement
With RFC2544 performance testing in Cloud environments such as AWS/Azure, often MTU could be smaller than FortiTester default MTU of 1500 bytes (which cannot be change along with Cloud platforms), and hence maximum frame size could not be tested. In this version, FortiTester allows users to specify frame sizes to cater for different path MTU.
Example
Assume an RFC default MTU size as 1500 bytes. If Cloud MTU path is 1480, then 1480 bytes + 18 bytes (frame header+CRC) = 1498 bytes as the maximum frame size.
-
For the RFC2544 case, add Frame Size config by a user. Go to Specifics > Load > Frame Size > UserDefined.
-
Add an option to set the "do not fragment" flag in both client and server sides for IPv4.
-
Add ramp up/down for UDP PPS based on flow.
SSL-VPN SNI function support
The SNI (Server Name Indication) function of SSLVPN case supports deploying an Intermediate equipment, such as FortiSASE, between FortiTester and FortiGate. The FortiTester sendsan SSL VPN tunnel connection request containing SNI extension field to the intermediate device, which parses the extension and forwards message to the desired FortiGate.
To set up the SSL-VPN SNI function:
- Go to Cases > Performance Testing > Objects > Hosts to display the Hosts Management page.
- Click + Create New to add maps between hostnames to IP addresses.
- Go to Cases > Performance Testing > Objects > Host > Host Groups to display the Host Groups page.
- Click + Create New to add maps between ports and hosts.
-
Go to Cases > Performance Testing > VPN > SSL-VPN > CPS(RPS/CC/Throughput) to select case options and click on OK button.
-
Select the VPN Host Group and select the Host Group which is set in step 4.
Tip on using Frame size with RFC2544 testing
While FortiTester complies with RFC2544 when sending out fixed frame size, in certain environment such as public cloud, sending 1500 MTU packet size will cause a problem as cloud networking devices might have MTU less than 1500 (e.g. 1480 bytes), and making transmission impossible. Hence users can use “User Defined” packet size such as 1498 (this includes 18 bytes frame header + CRC) to allow maximum packet size (1498-18 = 1480) to be tested in cloud environment.
Example
Cloud MTU = 1480 = IP MTU (set by cloud devices)
FortiTester sends out 1498 frame size = Ethernet frame size (minus 18bytes = 1480, the maximum packet size sent)