Features and benefits
FortiTester is a network performance and security attack simulation tool, available both in appliances (10/40/100G), in VM form factor and in public cloud. It provides performance and security tests (Intrusions, malware strike pack, web based/IOT attacks, and MITRE ATT&CK simulation).
Performance tests
FortiTester tests HTTP new connections per second (CPS) performance by simulating multiple clients that generate HTTP traffic.
FortiTester tests requests per second (RPS) performance by simulating multiple clients that generate HTTP traffic.
FortiTester tests HTTP concurrent connection (CC) performance by simulating multiple clients that generate HTTP traffic. All connections include a TCP three-way handshake, a loop of HTTP requests and responses (complete HTTP transaction), and close the connection with TCP FIN.
FortiTester tests HTTP throughput performance by simulating multiple clients that generate HTTP traffic.
The HTTPS CPS test is almost the same as the HTTP CPS test, except that it uses HTTPS traffic.
The HTTPS RPS test is the same as the HTTP RPS test, except that it uses HTTPS traffic.
The HTTPS CC test is the same as the HTTP CC test.
The HTTPS Throughput test is the same as the HTTP Throughput test.
This test establishes a TCP connection (three-way handshake), optional SSL connection (handshake), and completes an HTTP/2 transaction (HTTP/2 request and response), and closes the TCP connection (Reset). It creates one HTTP/2 GET per TCP connection.
This test establishes a TCP connection (three-way handshake), optional SSL connection (handshake), completes multiple HTTP/2 transactions (HTTP/2 request and response), and closes the TCP connection (Reset). It creates multiple HTTPS/2 GET per TCP connection.
This test establishes a large number of TCP connections (three-way handshake), loops complete HTTP/2 transactions (HTTP/2 request and response), and closes the TCP connection.
As opposed to the HTTP Throughput test, which keeps all requests and responses in plain text format, HTTP/2 Throughput uses the binary framing layer to encapsulate all messages in binary format, while still maintaining HTTP semantics, such as verbs, methods, and headers.
This test establishes a HTTP/2 connection (three-way handshake), loops completed HTTP/2 transactions (HTTP/2 request and response), and closes the HTTP/2 connection (Reset), which determines the maximum throughput (total bits per second "on the wire").
FortiTester tests IPSec remote access tunnel concurrent connections (CC) by establishing a remote access IPSec tunnel, completes a full set of HTTP transaction (TCP connection, HTTP request, HTTP response, and TCP connection close) through the tunnel, and terminates the tunnel.
FortiTester establishes a SSL-VPN tunnel connection and completes a full HTTP transaction through it. It creates one HTTP(FTP) transaction per tunnel.
FortiTester establishes a SSL-VPN tunnel connection and completes multiple full HTTP transactions through it. It creates multiple HTTP transactions per tunnel.
FortiTester tests the DUT's ability to support concurrent SSL VPN tunnel connections by establishing a large number of concurrent SSL VPN tunnel connections and completing a full round of HTTP transactions through each tunnel.
SSL-VPN tunnel Throughput test
FortiTester establishes a SSL-VPN tunnel connection, loops a completed HTTP/TCP/UDP transaction and closes the Tunnel.
FortiTester tests UDP throughput by sending a specified size of UDP frames at a maximum or limited speed from simulated clients to simulated servers.
FortiTester tests UDP payload by sending UDP frames with the specified payload from the client to the server.
FortiTester tests TCP throughput by generating a specified volume of two-way TCP traffic flow via specified ports.
FortiTester tests TurboTCP connections per second (CPS) performance by generating a specified volume of CP connection (three-way handshake) and resets the TCP connection.
FortiTester tests TCP concurrent connection performance by generating a specified volume of two-way TCP traffic flow via specified ports.
FortiTester tests the ability of the DUT to handle different types of RFC 2544 throughput. According to RFC2544, throughput is the fastest rate for the number of test frames transmitted by the DUT, which is equal to the number of test frames sent to it by the test equipment.
FortiTester tests the ability of the DUT to handle different types of RFC 2544 latency. According to RFC1242, for store and forward devices, latency is the time interval starting when the last bit of the input frame reaches the input port, ending when the first bit of the output frame is seen on the output port.
FortiTester tests the ability of the DUT to handle different types of RFC 2544 loss rate. According to RFC2544, to determine the frame loss rate, as defined in RFC1242 of a DUT throughout the entire range of input data rates and frame sizes.
FortiTester tests the ability of the DUT to handle different types of RFC 2544 back to back. According to RFC 2544, to characterize the ability of the DUT to process back-to-back frames as defined in RFC 1242.
FortiTester tests the ability of the DUT to handle network-layer data throughput. RFC 3511 is specifically focused on firewall performance.
RFC 3511 Concurrent Capacity throughput test
FortiTester tests the ability of the DUT to determine the maximum number of entries it can store in its connection table.
The Amazon S3 test simulates Amazon S3 (Simple Storage Service) traffic, such as file uploading and downloading, and folder creating.
The AOL Chat (AIM) establishes a TCP connection (three-way handshake), simulates a AIM session, and closes the TCP connection.
The BitTorrent test simulates a download process between peers.
The DB2 test establishes a TCP connection (three-way handshake), sends SQL command by DB2, and then closes the TCP connection.
The Facebook test simulates Facebook traffic, such as login, search and watch video.
The Gtalk test establishes a TCP connection (three-way handshake), simulates a Gtalk chat by XMPP, and closes the TCP connection.
The Gmail test establishes a TCP connection (three-way handshake), sends one email by Gmail and closes the TCP connection.
The test traffic establishes a TCP connection (three-way handshake), sends MSSQL command by MSSQL client, and then closes the TCP connection.
The MySQL test establishes a TCP connection (three-way handshake), sends SQL command by MySQL, and then closes the TCP connection.
The Netflix test establishes a TCP connection (three-way handshake), and simulates Netflix traffic, such as login, watching movie and logout.
The Oracle TNS test establishes a TCP connection (three-way handshake), connects and authenticates to databases, and then closes the TCP connection.
This FortiTester test establishes a TCP connection (three-way handshake), send psql command by PSQL, and then closes the TCP connection.
The Twitter test simulates Twitter traffic, such as post article and watch video.
The WebEx test establishes a TCP connection (three-way handshake), and simulates WebEx traffic, such as login and WebEx.
The WhatsApp case establishes a TCP connection(three-way handshake), controls media sessions between end points and closes the TCP connection.
The Yahoo Mail test establishes a TCP connection (three-way handshake), sends one email by Yahoo and closes the TCP connection.
The TCP YouTube test simulates YouTube client to connect to a YouTube server and access audio or video streams.
The TCP CIFS/SMB test establishes a TCP connection (three-way handshake), simulates a SMBv2 session, and closes the TCP connection.
The TCP FIX test establishes a TCP connection (three-way handshake), simulates a FIXv3 session, and closes the TCP connection.
This FortiTester test establishes a TCP connection (three-way handshake), transfers one file by FTP, and then closes the TCP.
FortiTester tests the ability of the DUT to handle different types of IMAP. This test establishes a TCP connection (three-way handshake), receives one email by IMAP and closes the TCP connection.
This FortiTester test establishes a TCP connection (three-way handshake), searches entries by LDAP, and then closes the TCP connection.
The TCP NFS test establishes a TCP connection (three-way handshake), simulates a NFSv3 session, and closes the TCP connection.
FortiTester tests the ability of the DUT to handle different types of POP3. This test traffic establishes a TCP connection (three-way handshake), receives one mail by POP3 and closes the TCP connection.
The test traffic establishes a TCP connection (three-way handshake), constructs a RDP connection, sends fastpath format events and then closes the TCP connection.
FortiTester tests performance of a target device under SMTP traffic by simulating a volume of clients to generate SMTP traffic.
This test establishes a TCP connection (three-way handshake), simulates a SSH interactive session and closes the TCP connection.
FortiTester tests the latency of the DUT while handling DNS query requests. The DUT could be a gateway device or a DNS server. This test traffic sends DNS requests to a DNS server and measures latency.
The NTP test sends NTP query traffic to an NTP server under test. FortiTester receives real time information from the DUT and measures latency.
The RADIUS test sends RADIUS requests to a RADIUS server to measure the number of response types per second.
FortiTester tests UDP SIP by sending UDP frames with the specified SIP from the client to the server.
The TFTP test sends TFTP requests to a TFTP server to measure the number of requests sent and performed per second.
The IPv4 DHCP test sends DHCP requests to the DHCP server and measures latency. The IPv6 DHCP test sends NS and RA messages to request an IPv6 address through DHCPv6 stateless mode.
The IGMP test sends join messages to the device under test (DUT), such as a router or firewall, and the DUT forwards the data stream from the server.
The RTSP/RTP test establishes a TCP connection with a three-way handshake, controls media sessions between end points, and closes the TCP connection. This test also tests the firewall's ability to open and close pinholes.
FortiTester tests user-defined scenarios by replaying pcap files. Typically, pcap files are generated by programs like tcpdump or Wireshark.
FortiTester tests GTP connections by replaying existing GTPv1 and GTPv2 files. FortiTester uses these files to send test packets to the device under test (DUT).
The packet capture test captures packets received from the network adapter.
FortiTester tests mixed traffic performance by simulating multiple clients that burst all types of traffic simultaneously.
Security tests
FortiTester tests the DUT's ability to handle different types of DDoS attacks. This test attempts to deplete the DUT's resources by flooding the DUT with non-session based attacks.
FortiTester tests the DUT's ability to handle different types of DDoS attacks. This test attempts to deplete the DUT's resources by flooding the DUT with TCP attacks.
FortiTester tests the DUT's ability to handle attempts to deplete the DUT's resources by flooding the DUT with HTTP attacks.
DDoS concurrent session flood test
FortiTester tests the DUT's ability to handle attempts to deplete the DUT's resources. FortiTester floods the DUT with HTTP attacks and then puts the session on hold for an extended period of time.
FortiTester tests the DUT's ability to handle attempts to deplete DUT's resources. FortiTester floods the DUT with UDP packets with random source IP and port on client-traffic side.
FortiTester measure the device's ability to handle invalid IP, TCP, UDP, and ICMP packets, which send invalid fuzzed packets to DUT devices and validate whether the device continues to operate.
FortiTester can test security systems by replaying a predefined or customized set of attack traffic. The predefined set covers 100 types of attacks. The test result shows the CVE-ID for every type of attack. You can also see the attack list in the Cases > Security Testing > IPS > Attack page.
The HTTP Evasion Replay test replays packet tampered through HTTP evasion engine. FortiTester corrupts custom HTTP pcap file according to the selected Evasion Types, then replay such corrupted pcap files to target servers to see if servers have the ability to resist such attack.
This test sends files with HTTP/FTP/SMTP/IMAP/POP3 protocol and detect viruses in files.
The web crawler test runs a web crawler simulation to query URLs through the DUT. This is done to test the DUT's web access security policies.
The Web Protection test simulates sending web application attacks expected to be detected by the security DUT..
ATT&CK tests
FortiTester simulates the actions that a real adversary would do on the clients' systems. It features a Remote Access Tool (RAT) that performs adversary actions on infected hosts and copies itself over the whole network to increase its foothold.