Fortinet white logo
Fortinet white logo

Administration Guide

What’s new

What’s new

FortiTester 7.1.0 offers the following new features and enhancements:

Default and Maximum values table

Often when users are selecting FortiTester models to test, the user needs to know the max simusers, subnets configured (up to 8 on higher end models to generate more IPs). FortiTester now shows a table of the default and maximum values for each test case that users can configure. This table can be shown by clicking on the top right of FortiTester GUI. Users can select the models and view the default and maximum configurable options.

Out of Order Reset flag

Often in performance testing, the DUT might have ASIC (e.g. nturbo) or engines enabled which might affect packet orders. In this version, FortiTester added an "Out of Order Reset" flag for ALL TCP related cases. If enabled, this option sets the "Out of Order Reset" flag in both client and server sides for TCP Options.

Note: If enabled with this option, FortiTester will send Reset packet to close the TCP session which has occurred in the out of order sequence.

Internet Mix Option (IMIX)

Internet Mix or IMIX refers to typical Internet traffic passing some network equipment such as routers, switches or firewalls. When measuring equipment performance using an IMIX of packets the performance is assumed to resemble what can be seen in "real-world" conditions.

For RFC2544 and RFC3511 throughput, frame size has added an IMIX option. If you choose IMIX, you need to reference IMIX objects.

Before referencing iMIX, the iMIX object needs to be configured.

The Frame Size/ Packet Size and Weight can be configured. Frame size cannot be repeated, and currently supports up to 10 records.

URL Group in Action of HTTP cases

Before 7.1, FortiTester's action on HTTP/HTTP2/HTTPS test cases can be set to custom, while a request could have up to maximum of 32 URLs. Now in v7.1 ForiTester comes with a new "URL group" option, which allows users to configure/reuse a URL host group object of up to 1000 URLs.

1. Create a URL Group object.

2. A special feature allows the user to add URL Group hosts using existing Host Groups.

After being created, this imported Host Group has no relationship with the URL Group anymore.

One URL Group can have up to 1000 URL's.

3. Open the Action tab in the HTTP-based case. Choose "Custom" in Method and the URL Group will be selectable.

SSLVPN case enhancement

1. Add HTTP RPS within the inner tunnel for SSL-VPN Throughput.

The user can configure Requests Per Connection to determine how many HTTP Requests are sent on one TCP session, and then close it.

2. To support FortiTester ports configured in a trunk 802.1x environment, FortiTester added the ability to add QinQ and VLAN tag field in the network setting for SSLVPN test.

In all SSL-VPN(CPS/RPS/CC/Throughput) cases, create the Tag ID in the Port > Subnet configuration items.

3. Before v7.1 FortiTester had the ability to simulate a single username login for tunnel mode. Now in 7.1, FortiTester provides the ability to simulate multiple user names. This allows FortiView to populate with more rich user name information, for example.

a. Go to Objects > User Groups > Create New to create a user group object.

b. Click Create New to create multiple users/password pairs to the current User Group Object.

c. In SSL-VPN (CPS/RPS/CC/Throughput) cases, click on the "Enable User Group" switch option button and select the User Group created in step a.

Add Connections per Second (CPS) to all SSLVPN

FortiTester v7.1.0 added CPS (connections per second) test mode (along with existing simusers) for SSLVPN CC and Throughput cases. All 4 SSLVPN cases (CPS, CC, RPS and Throughput) support simusers and CPS mode to control the rate of setup of SSLVPN tunnels.

1. In SSL-VPN cases, go to the VPN > SSL-VPN > CC > Load tab > Mode dropdown menu, select Connections/second and fill in the rate.

2. In Throughput case, go to the VPN > SSL-VPN > Throughput > Load tab > Mode dropdown menu, select Connections/second and fill in the rate.

The "Tunnel Concurrent Connection" item is the total number of tunnels created in the Throughput case.

Added "Maximum Timeout Packet Count"

Added "Maximum Timeout Packet Count" to Attack/HTTP Evasion/GTP cases.

Before v7.1, FortiTester devices conducting PCAP replay in ATTACK/HTTP Evasion and GTP will not send further packets if the packet loss count is more than 20. Now, in v7.1, users will have finer control over the max packet loss (from 1-4294,967,295) before FortiTester stops sending packets in PCAP replay package.

New OpenAPI

FortiTester v7.1 supports new OPENAPI format. API browser in GUI has been improved to allow users to try out the API in GUI. Users can also find FortiTester API documentation on FNDN (Fortinet Developer Network).

What’s new

What’s new

FortiTester 7.1.0 offers the following new features and enhancements:

Default and Maximum values table

Often when users are selecting FortiTester models to test, the user needs to know the max simusers, subnets configured (up to 8 on higher end models to generate more IPs). FortiTester now shows a table of the default and maximum values for each test case that users can configure. This table can be shown by clicking on the top right of FortiTester GUI. Users can select the models and view the default and maximum configurable options.

Out of Order Reset flag

Often in performance testing, the DUT might have ASIC (e.g. nturbo) or engines enabled which might affect packet orders. In this version, FortiTester added an "Out of Order Reset" flag for ALL TCP related cases. If enabled, this option sets the "Out of Order Reset" flag in both client and server sides for TCP Options.

Note: If enabled with this option, FortiTester will send Reset packet to close the TCP session which has occurred in the out of order sequence.

Internet Mix Option (IMIX)

Internet Mix or IMIX refers to typical Internet traffic passing some network equipment such as routers, switches or firewalls. When measuring equipment performance using an IMIX of packets the performance is assumed to resemble what can be seen in "real-world" conditions.

For RFC2544 and RFC3511 throughput, frame size has added an IMIX option. If you choose IMIX, you need to reference IMIX objects.

Before referencing iMIX, the iMIX object needs to be configured.

The Frame Size/ Packet Size and Weight can be configured. Frame size cannot be repeated, and currently supports up to 10 records.

URL Group in Action of HTTP cases

Before 7.1, FortiTester's action on HTTP/HTTP2/HTTPS test cases can be set to custom, while a request could have up to maximum of 32 URLs. Now in v7.1 ForiTester comes with a new "URL group" option, which allows users to configure/reuse a URL host group object of up to 1000 URLs.

1. Create a URL Group object.

2. A special feature allows the user to add URL Group hosts using existing Host Groups.

After being created, this imported Host Group has no relationship with the URL Group anymore.

One URL Group can have up to 1000 URL's.

3. Open the Action tab in the HTTP-based case. Choose "Custom" in Method and the URL Group will be selectable.

SSLVPN case enhancement

1. Add HTTP RPS within the inner tunnel for SSL-VPN Throughput.

The user can configure Requests Per Connection to determine how many HTTP Requests are sent on one TCP session, and then close it.

2. To support FortiTester ports configured in a trunk 802.1x environment, FortiTester added the ability to add QinQ and VLAN tag field in the network setting for SSLVPN test.

In all SSL-VPN(CPS/RPS/CC/Throughput) cases, create the Tag ID in the Port > Subnet configuration items.

3. Before v7.1 FortiTester had the ability to simulate a single username login for tunnel mode. Now in 7.1, FortiTester provides the ability to simulate multiple user names. This allows FortiView to populate with more rich user name information, for example.

a. Go to Objects > User Groups > Create New to create a user group object.

b. Click Create New to create multiple users/password pairs to the current User Group Object.

c. In SSL-VPN (CPS/RPS/CC/Throughput) cases, click on the "Enable User Group" switch option button and select the User Group created in step a.

Add Connections per Second (CPS) to all SSLVPN

FortiTester v7.1.0 added CPS (connections per second) test mode (along with existing simusers) for SSLVPN CC and Throughput cases. All 4 SSLVPN cases (CPS, CC, RPS and Throughput) support simusers and CPS mode to control the rate of setup of SSLVPN tunnels.

1. In SSL-VPN cases, go to the VPN > SSL-VPN > CC > Load tab > Mode dropdown menu, select Connections/second and fill in the rate.

2. In Throughput case, go to the VPN > SSL-VPN > Throughput > Load tab > Mode dropdown menu, select Connections/second and fill in the rate.

The "Tunnel Concurrent Connection" item is the total number of tunnels created in the Throughput case.

Added "Maximum Timeout Packet Count"

Added "Maximum Timeout Packet Count" to Attack/HTTP Evasion/GTP cases.

Before v7.1, FortiTester devices conducting PCAP replay in ATTACK/HTTP Evasion and GTP will not send further packets if the packet loss count is more than 20. Now, in v7.1, users will have finer control over the max packet loss (from 1-4294,967,295) before FortiTester stops sending packets in PCAP replay package.

New OpenAPI

FortiTester v7.1 supports new OPENAPI format. API browser in GUI has been improved to allow users to try out the API in GUI. Users can also find FortiTester API documentation on FNDN (Fortinet Developer Network).