Fortinet black logo

Release Notes

Home FortiTester 7.3.0 Release Notes
7.3.0
7.4.0
7.3.2
7.3.1
7.3.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.1
7.1.0
7.0.0
4.2.1
4.2.0
4.1.1
4.1.0
4.0.0
3.9.2
3.9.1
3.9.0
3.8.0
3.7.1
3.7.0
3.6.0
3.4.0
3.3.1
3.3.0
3.2.0
3.1.0
3.0.0
2.9.0
2.8.0
2.7.0
2.5.0
2.4.1
2.4.0
2.3.0

What's new

What's new

FortiTester 7.3.0 offers the following new features and enhancements:

Sending random files based on user-uploaded files

FortiTester 7.3.0 supports sending random files based on user-uploaded files. It is supported in HTTP/HTTPS/HTTP2/FTP/TFTP/SMTP/POP3 cases.

To create a file object, go to Performance Testing > Object > Files. Click the Create new button to create a file object and upload the file.

Upload the user file created. Then you can configure the request files object and enable the Random File Name and Content option.

Action configuration in HTTP/S/2 cases

The following image shows the HTTP request URI and response body.

Action configurations in FTP cases

The following images show the FTP request file name and content.

Configurations in POP3 cases

The following image shows loading POP3 configurations.

The following image shows the attachment file name and content.

Action configurations in TFTP cases

The following image shows TFTP configurations.

The following image shows the request file name and content.

User-Agent

The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.

FortiTester version 7.3.0 supports configuring User-Agent requests in several application cases including Facebook, Gmail, Netflix, Twitter, WebEx, Yahoo Mail, and YouTube.

SMTP enhancements

Use a sample file as a payload

You can now use a sample file to create an SMTP case by uploading a sample file as the Files Object.

FortiTester currently only has support for .eml file uploads.

Multiple recipients

FortiTester 7.3.0 now supports up to 32 recipients.

Random sender/recipient email addresses

FortiTester 7.3.0 supports inputting “<###>” in Sender/Recipient Email Address. Every # symbol will be converted to random characters.

Random attachment

FortiTester can now generate a random attachment name and content.

Randomize file name and content

FortiTester can now add six random characters to each attachment file name and content.

Base64 disabled

Base64 can be disabled and the payload and attachments will be sent in plain text.

DNS over TLS (DoT)

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. Using this method will increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The most used port number for DoT is 853.

DoT can be found under Performance Testing > Protocol > DNS > TCP.

Key configurations

Mode

If “Simulated Users” is selected, FortiTester simulates users processing through an Actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.

If “Connections/second” is configured (support for CPS and RPS cases), FortiTester simulates TCP connections with each of them containing up to hundreds of transactions. This can be used to test how many concurrent connections can be handled by your device.

Enable DNS outstanding query (Support for RPS cases)

“Enable DNS Outstanding Query” allows multiple DNS queries to be sent in parallel. It is disabled by default, with one DNS query sent at a time. If enabled, you can set the number of parallel queries.

Maximum concurrent connections (Support for CC cases)

You can determine the maximum number of concurrent TCP connections supported through or with the DUT/SUT. This test is intended to find the maximum number of entries the DUT/SUT can store in its connection table.

Think time (Support for CC cases)

Think Time is the delay between client DNS queries by seconds. You can configure the think time between queries.

Domain policy (Support for CPS, RPS, and CC)

FortiTester queries the domains in the specified list. Only “List” type and “A” record is currently supported. You can now configure the expected domain name.

UDP PPS case support using iMIX objects

Internet Mix or iMIX refers to typical Internet traffic passing some network equipment such as routers, switches or firewalls. When measuring equipment performance using an iMIX of packets, the performance is assumed to resemble what can be seen in "real-world" conditions.

iMIX objects can be found under Performance Testing > Objects > iMIX.

UDP PPS Test Case is located in Performance Testing > UDP > PPS.

You can then select iMIX as the Frame Size Type and select the iMIX object.

ATT&CK enhancements

Discontinued support for MITRE version 6

Previously, ATT&CK v6 version and ATT&CK v10 (Beta) version models were both available to use on the GUI. In order to simplify the configuration process and require zero prior knowledge about the environment for user, FortiTester now officially uses the version 10 model and removes all version 6 models on the GUI.

Coverage map

The ATT&CK Matrix Coverage map has been upgraded to version 12. You can select previous versions of the matrix to view from the dropdown list.

New MITRE URL link

All links (Tactic/Technique) in abilities Detail have been directed to the corresponding v10 MITRE ATT&CK Matrix documents on the official website.Tactic/Technique links in Abilities Detail will default to the v10 page.

Ability dependency

When running an ATT&CK case with specific abilities in an Adversary group, the abilities should have a correct sequence to make sure they operate correctly. You can detail "pre-conditions" in the attribute details to make sure abilities that meet these requisites are added to the Adversary group first.

Auto cleanup

The Auto Cleanup option can be used to see how abilities work on agents. The Auto Cleanup is enabled by default.

FortiTester TestCenter Mode by public IP

FortiTester has support to create TestCenter Mode by public IP.

The Test Center client must be accessed by the public IP.

SSLVPN DTLS testing

DTLS provides communications privacy for datagram protocols. It allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery. DTLS is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees.

DTLS can be found under Performance Testing > VPN > SSL-VPN Specifics > Client > Profile.

Key configurations

DTLS tunnel

If disabled, no DTLS tunnel will be created. Only TLS tunnels will be created for inner traffic. If enabled, DTLS tunnel will be created for inner traffic.

Available DTLS versions

If DTLSv1.0 is selected, DTLSv1.0 will be supported by FortiTester. If DTLSv1.2 is selected, DTLSv1.2 will be supported by FortiTester.

DTLS ciphers

If one DTLS cipher is selected, only the selected DTLS cipher will be supported. It is also possible to select multiple DTLS ciphers at the same time. If all DTLS ciphers are selected, all selected DTLS ciphers will be supported.

Previous
Next

What's new

FortiTester 7.3.0 offers the following new features and enhancements:

Sending random files based on user-uploaded files

FortiTester 7.3.0 supports sending random files based on user-uploaded files. It is supported in HTTP/HTTPS/HTTP2/FTP/TFTP/SMTP/POP3 cases.

To create a file object, go to Performance Testing > Object > Files. Click the Create new button to create a file object and upload the file.

Upload the user file created. Then you can configure the request files object and enable the Random File Name and Content option.

Action configuration in HTTP/S/2 cases

The following image shows the HTTP request URI and response body.

Action configurations in FTP cases

The following images show the FTP request file name and content.

Configurations in POP3 cases

The following image shows loading POP3 configurations.

The following image shows the attachment file name and content.

Action configurations in TFTP cases

The following image shows TFTP configurations.

The following image shows the request file name and content.

User-Agent

The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.

FortiTester version 7.3.0 supports configuring User-Agent requests in several application cases including Facebook, Gmail, Netflix, Twitter, WebEx, Yahoo Mail, and YouTube.

SMTP enhancements

Use a sample file as a payload

You can now use a sample file to create an SMTP case by uploading a sample file as the Files Object.

FortiTester currently only has support for .eml file uploads.

Multiple recipients

FortiTester 7.3.0 now supports up to 32 recipients.

Random sender/recipient email addresses

FortiTester 7.3.0 supports inputting “<###>” in Sender/Recipient Email Address. Every # symbol will be converted to random characters.

Random attachment

FortiTester can now generate a random attachment name and content.

Randomize file name and content

FortiTester can now add six random characters to each attachment file name and content.

Base64 disabled

Base64 can be disabled and the payload and attachments will be sent in plain text.

DNS over TLS (DoT)

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. Using this method will increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The most used port number for DoT is 853.

DoT can be found under Performance Testing > Protocol > DNS > TCP.

Key configurations

Mode

If “Simulated Users” is selected, FortiTester simulates users processing through an Actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.

If “Connections/second” is configured (support for CPS and RPS cases), FortiTester simulates TCP connections with each of them containing up to hundreds of transactions. This can be used to test how many concurrent connections can be handled by your device.

Enable DNS outstanding query (Support for RPS cases)

“Enable DNS Outstanding Query” allows multiple DNS queries to be sent in parallel. It is disabled by default, with one DNS query sent at a time. If enabled, you can set the number of parallel queries.

Maximum concurrent connections (Support for CC cases)

You can determine the maximum number of concurrent TCP connections supported through or with the DUT/SUT. This test is intended to find the maximum number of entries the DUT/SUT can store in its connection table.

Think time (Support for CC cases)

Think Time is the delay between client DNS queries by seconds. You can configure the think time between queries.

Domain policy (Support for CPS, RPS, and CC)

FortiTester queries the domains in the specified list. Only “List” type and “A” record is currently supported. You can now configure the expected domain name.

UDP PPS case support using iMIX objects

Internet Mix or iMIX refers to typical Internet traffic passing some network equipment such as routers, switches or firewalls. When measuring equipment performance using an iMIX of packets, the performance is assumed to resemble what can be seen in "real-world" conditions.

iMIX objects can be found under Performance Testing > Objects > iMIX.

UDP PPS Test Case is located in Performance Testing > UDP > PPS.

You can then select iMIX as the Frame Size Type and select the iMIX object.

ATT&CK enhancements

Discontinued support for MITRE version 6

Previously, ATT&CK v6 version and ATT&CK v10 (Beta) version models were both available to use on the GUI. In order to simplify the configuration process and require zero prior knowledge about the environment for user, FortiTester now officially uses the version 10 model and removes all version 6 models on the GUI.

Coverage map

The ATT&CK Matrix Coverage map has been upgraded to version 12. You can select previous versions of the matrix to view from the dropdown list.

New MITRE URL link

All links (Tactic/Technique) in abilities Detail have been directed to the corresponding v10 MITRE ATT&CK Matrix documents on the official website.Tactic/Technique links in Abilities Detail will default to the v10 page.

Ability dependency

When running an ATT&CK case with specific abilities in an Adversary group, the abilities should have a correct sequence to make sure they operate correctly. You can detail "pre-conditions" in the attribute details to make sure abilities that meet these requisites are added to the Adversary group first.

Auto cleanup

The Auto Cleanup option can be used to see how abilities work on agents. The Auto Cleanup is enabled by default.

FortiTester TestCenter Mode by public IP

FortiTester has support to create TestCenter Mode by public IP.

The Test Center client must be accessed by the public IP.

SSLVPN DTLS testing

DTLS provides communications privacy for datagram protocols. It allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery. DTLS is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees.

DTLS can be found under Performance Testing > VPN > SSL-VPN Specifics > Client > Profile.

Key configurations

DTLS tunnel

If disabled, no DTLS tunnel will be created. Only TLS tunnels will be created for inner traffic. If enabled, DTLS tunnel will be created for inner traffic.

Available DTLS versions

If DTLSv1.0 is selected, DTLSv1.0 will be supported by FortiTester. If DTLSv1.2 is selected, DTLSv1.2 will be supported by FortiTester.

DTLS ciphers

If one DTLS cipher is selected, only the selected DTLS cipher will be supported. It is also possible to select multiple DTLS ciphers at the same time. If all DTLS ciphers are selected, all selected DTLS ciphers will be supported.

Previous
Next