New Hardware platforms
FortiWeb 2000F, 3000F, and 4000F are introduced in this release.
For their configuration maximums, see Appendix B: Maximum configuration values.
Form Based Delegation
FortiWeb now supports Form Based Delegation to publish web servers including OWA/Exchange (2010/2016). In Site Publish rule, you can select HTML Form Authentication as the Client Authentication Method, then choose Form Based Delegation as the Authentication Delegation.
For more information, see Using Form Based Delegation.
URL Redirection after Site Publish authentication
It's now allowed to specify a redirection URL in Site Publish rule to redirect users to the URL after successfully authenticated.
SameSite attribute for Cookie Security
The SameSite attribute is supported in Cookie Security so that you can declare if your cookie should be restricted to a first-party or same-site context.
For more information, see Cookie security.
Maximum body cache increased
The maximum body cache size configured in System > Config > Advanced is increased from 4 MB to 10 MB.
Local certificate name length increased
Up to 192 characters are supported in the local certificate name.
Web Cache Improvements
When serving cached data to clients, FortiWeb now supports decompressing the data when it detects the client side does not support gzip.
HA Diff tool
HA Diff tool is introduced to compare the configuration difference between the primary and secondary nodes.
For more information, see Synchronization.
Debug support for additional modules
You can now run
diagnose debug application to diagnose problems for more modules including:
User Tracking (
ADFS Proxy (
Web Cache (
Chunk Decoding (