Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.0.4
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiWeb 7.0.4 Administration Guide
    7.0.4
    8.0.5
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    What's new

    What's new

    New features

    FortiWeb 7.0.4 offers the following new features and enhancements.

    100-continue headers

    New CLI commands are added to control how FortiWeb interacts with clients and servers when forwarding the 100-continue headers.

    config server-policy policy

    edit <policy-name>

    set reply-100-continue {enable | disable}

    set forward-expect-100-continue {enable | disable}

    next

    end

    Variables Description
    reply-100-continue {enable | disable}

    • When disabled, the clients should wait for FortiWeb to forward the 100-continue response sent by server.

    • When enabled, FortiWeb will not wait for the server's 100-continue response. Instead it directly reply 100-continue header to clients to reduce delay.

    Note: FortiWeb only supports HTTP/1.1, so the 100-continue response sent by FortiWeb will be HTTP/1.1 100-continue.
    forward-expect-100-continue {enable | disable}

    • When disabled, FortiWeb will remove the Expect: 100-continue header from the request packets then forward them to servers.

    • When enabled, the Expect: 100-continue will be forwarded to server.

    It's recommended to set reply-100-continue as enabled and forward-expect-100-continue as disabled, so that FortiWeb can directly reply 100-continue header to reduce delay, then remove the Expect: 100-continue header from request packets to avoid unnecessary header being forwarded.

    Enhancement on HA fail-over upon core dump

    A new CLI command is introduced to trigger HA fail-over upon proxyd coredump, so that the secondary node can immediately take over the traffic when coredump file is being generated on the primary node.

    config server-policy setting

    set enable-core-file enable

    set corefile-ha-failover enable

    end

    Please note you should enable enable-core-file as well for the corefile-ha-failover to work. From 7.0.4, enable-core-file is by default disabled.

    Signature Algorithm setting for TLS1.2

    When tls12-compatible-sigalg is enabled, signature algorithm negotiation in TLS handshake for FortiWeb behaves exactly the same as OpenSSL 1.1.0.

    config server-policy setting

    set tls12-compatible-sigalg enable

    end

    Please note executing this command causes the proxyd to restart so all current sessions will be dropped.

    This command is specific to very rare case. Do not use it unless suggested by Fortinet support team.

    Previous
    Next

    What's new

    What's new

    New features

    FortiWeb 7.0.4 offers the following new features and enhancements.

    100-continue headers

    New CLI commands are added to control how FortiWeb interacts with clients and servers when forwarding the 100-continue headers.

    config server-policy policy

    edit <policy-name>

    set reply-100-continue {enable | disable}

    set forward-expect-100-continue {enable | disable}

    next

    end

    Variables Description
    reply-100-continue {enable | disable}

    • When disabled, the clients should wait for FortiWeb to forward the 100-continue response sent by server.

    • When enabled, FortiWeb will not wait for the server's 100-continue response. Instead it directly reply 100-continue header to clients to reduce delay.

    Note: FortiWeb only supports HTTP/1.1, so the 100-continue response sent by FortiWeb will be HTTP/1.1 100-continue.
    forward-expect-100-continue {enable | disable}

    • When disabled, FortiWeb will remove the Expect: 100-continue header from the request packets then forward them to servers.

    • When enabled, the Expect: 100-continue will be forwarded to server.

    It's recommended to set reply-100-continue as enabled and forward-expect-100-continue as disabled, so that FortiWeb can directly reply 100-continue header to reduce delay, then remove the Expect: 100-continue header from request packets to avoid unnecessary header being forwarded.

    Enhancement on HA fail-over upon core dump

    A new CLI command is introduced to trigger HA fail-over upon proxyd coredump, so that the secondary node can immediately take over the traffic when coredump file is being generated on the primary node.

    config server-policy setting

    set enable-core-file enable

    set corefile-ha-failover enable

    end

    Please note you should enable enable-core-file as well for the corefile-ha-failover to work. From 7.0.4, enable-core-file is by default disabled.

    Signature Algorithm setting for TLS1.2

    When tls12-compatible-sigalg is enabled, signature algorithm negotiation in TLS handshake for FortiWeb behaves exactly the same as OpenSSL 1.1.0.

    config server-policy setting

    set tls12-compatible-sigalg enable

    end

    Please note executing this command causes the proxyd to restart so all current sessions will be dropped.

    This command is specific to very rare case. Do not use it unless suggested by Fortinet support team.

    Previous
    Next