Fortinet black logo

Release Notes

Home FortiTester 7.3.1 Release Notes
7.3.1
7.4.0
7.3.2
7.3.1
7.3.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.1
7.1.0
7.0.0
4.2.1
4.2.0
4.1.1
4.1.0
4.0.0
3.9.2
3.9.1
3.9.0
3.8.0
3.7.1
3.7.0
3.6.0
3.4.0
3.3.1
3.3.0
3.2.0
3.1.0
3.0.0
2.9.0
2.8.0
2.7.0
2.5.0
2.4.1
2.4.0
2.3.0

Whatʼs new

Whatʼs new

FortiTester 7.3.1 offers the following new features and enhancements:

FortiTester 3000F

FortiTester 3000F is supported in this release. The SKU is available from the Fortinet Q4 2023 Pricelist.

FortiTester 3000F is the replacement for FortiTester 3000E, which has an End-of-Sales date of 2023. Please refer to the support website for details.

Support for sending the EMS serial number in FortiTester VPN cases

When performing an SSL-VPN test on FortiGate devices, FortiTester can now send an Enterprise Management Server (EMS) serial number to the FortiGate device. This is useful for testing an SASE deployment. When a FortiGate device is connected to a FortiClient EMS, the sslvpn-ems-sn-check option is enabled, and FortiTester must use the EMS serial number to negotiate with the FortiGate device before they can connect successfully.

To use this feature:

  1. Go to Performance Testing > VPN > SSL-VPN > CPS/RPS/CC/Throughput > Specifics > Load.

  2. Enable Enable EMS-SN.

  3. In the EMS SN field, enter the EMS serial number that is used in the FortiGate device.

Support FortiClient-like negotiation with the FortiGate device for VPN cases

In previous FortiTester releases, the way that FortiTester interacted with the FortiGate device was different from the way that FortiClient interacted with the FortiGate device. To better simulate the situation, the negotiation process in FortiTester has been updated to make it the same as FortiClient.

To use this feature:

  1. Go to Performance Testing > VPN > SSL-VPN > CPS/RPS/CC/Throughput > Specifics > Load.

  2. In the Tunnel Version dropdown list, select which tunnel version to use:

    • v1—Use the Point-to-Point Protocol for negotiation with the FortiGate device.

    • v2—Negotiate with the FortiGate device without using the Point-to-Point Protocol.

Add custom and automatic traffic split modes to traffic and attack replay

In previous FortiTester releases, traffic splitting when uploading PCAP files in replay cases was done automatically, which resulted in incorrect traffic in some cases. To make traffic splitting more flexible and reliable, there is a new custom traffic split mode where you can list up to five CIDRs and specify if the traffic is client side or server side. Any packets with a source IP address that matches one of the IP addresses in the CIDR list are classified as client side or server side, whichever one was specified by the user. Automatic traffic splitting is still available by selecting Automatic Detection and is the recommended choice for most scenarios. This feature is added to Traffic Replay and Attack Replay cases.

To use this feature:

  1. Go to Performance Testing > Replay > Traffic > Specifics > Action or Security Testing > IPS > Attack > Specifics > Action.

  2. From the Split Traffic Mode dropdown list, select Automatic Detection or Custom User Provided CIDR.

  3. If you selected Custom User Provided CIDR, enter up to five CIDRs in the CIDR field. Separate them with a comma.

  4. If you selected Custom User Provided CIDR, select Client or Server from the Side dropdown list.

Support for Mellanox 100G NIC SR-IOV/PCI passthrough

FortiTester supports Mellanox 100G NIC SR-IOV/PCI passthrough on VM and KVM.

The following types of cards are supported:

  • ConnectX-4

  • ConnectX-4L

  • ConnectX-5

  • ConnectX-5EX

  • ConnectX-5BF

  • ConnectX-6

  • ConnectX-6DX

Previous
Next

Whatʼs new

FortiTester 7.3.1 offers the following new features and enhancements:

FortiTester 3000F

FortiTester 3000F is supported in this release. The SKU is available from the Fortinet Q4 2023 Pricelist.

FortiTester 3000F is the replacement for FortiTester 3000E, which has an End-of-Sales date of 2023. Please refer to the support website for details.

Support for sending the EMS serial number in FortiTester VPN cases

When performing an SSL-VPN test on FortiGate devices, FortiTester can now send an Enterprise Management Server (EMS) serial number to the FortiGate device. This is useful for testing an SASE deployment. When a FortiGate device is connected to a FortiClient EMS, the sslvpn-ems-sn-check option is enabled, and FortiTester must use the EMS serial number to negotiate with the FortiGate device before they can connect successfully.

To use this feature:

  1. Go to Performance Testing > VPN > SSL-VPN > CPS/RPS/CC/Throughput > Specifics > Load.

  2. Enable Enable EMS-SN.

  3. In the EMS SN field, enter the EMS serial number that is used in the FortiGate device.

Support FortiClient-like negotiation with the FortiGate device for VPN cases

In previous FortiTester releases, the way that FortiTester interacted with the FortiGate device was different from the way that FortiClient interacted with the FortiGate device. To better simulate the situation, the negotiation process in FortiTester has been updated to make it the same as FortiClient.

To use this feature:

  1. Go to Performance Testing > VPN > SSL-VPN > CPS/RPS/CC/Throughput > Specifics > Load.

  2. In the Tunnel Version dropdown list, select which tunnel version to use:

    • v1—Use the Point-to-Point Protocol for negotiation with the FortiGate device.

    • v2—Negotiate with the FortiGate device without using the Point-to-Point Protocol.

Add custom and automatic traffic split modes to traffic and attack replay

In previous FortiTester releases, traffic splitting when uploading PCAP files in replay cases was done automatically, which resulted in incorrect traffic in some cases. To make traffic splitting more flexible and reliable, there is a new custom traffic split mode where you can list up to five CIDRs and specify if the traffic is client side or server side. Any packets with a source IP address that matches one of the IP addresses in the CIDR list are classified as client side or server side, whichever one was specified by the user. Automatic traffic splitting is still available by selecting Automatic Detection and is the recommended choice for most scenarios. This feature is added to Traffic Replay and Attack Replay cases.

To use this feature:

  1. Go to Performance Testing > Replay > Traffic > Specifics > Action or Security Testing > IPS > Attack > Specifics > Action.

  2. From the Split Traffic Mode dropdown list, select Automatic Detection or Custom User Provided CIDR.

  3. If you selected Custom User Provided CIDR, enter up to five CIDRs in the CIDR field. Separate them with a comma.

  4. If you selected Custom User Provided CIDR, select Client or Server from the Side dropdown list.

Support for Mellanox 100G NIC SR-IOV/PCI passthrough

FortiTester supports Mellanox 100G NIC SR-IOV/PCI passthrough on VM and KVM.

The following types of cards are supported:

  • ConnectX-4

  • ConnectX-4L

  • ConnectX-5

  • ConnectX-5EX

  • ConnectX-5BF

  • ConnectX-6

  • ConnectX-6DX

Previous
Next