What's new
New features
FortiWeb 7.0.4 offers the following new features and enhancements.
100-continue headers
New CLI commands are added to control how FortiWeb interacts with clients and servers when forwarding the 100-continue headers.
config server-policy policy
edit <policy-name>
set reply-100-continue {enable | disable}
set forward-expect-100-continue {enable | disable}
next
end
Variables | Description |
---|---|
reply-100-continue {enable | disable} |
Note: FortiWeb only supports HTTP/1.1, so the |
forward-expect-100-continue {enable | disable} |
|
It's recommended to set reply-100-continue
as enabled
and forward-expect-100-continue
as disabled
, so that FortiWeb can directly reply 100-continue
header to reduce delay, then remove the Expect: 100-continue
header from request packets to avoid unnecessary header being forwarded.
Enhancement on HA fail-over upon core dump
A new CLI command is introduced to trigger HA fail-over upon proxyd coredump, so that the secondary node can immediately take over the traffic when coredump file is being generated on the primary node.
config server-policy setting
set enable-core-file enable
set corefile-ha-failover enable
end
Please note you should enable enable-core-file
as well for the corefile-ha-failover
to work. From 7.0.4, enable-core-file
is by default disabled.
Signature Algorithm setting for TLS1.2
When tls12-compatible-sigalg
is enabled, signature algorithm negotiation in TLS handshake for FortiWeb behaves exactly the same as OpenSSL 1.1.0.
config server-policy setting
set tls12-compatible-sigalg enable
end
Please note executing this command causes the proxyd to restart so all current sessions will be dropped.
This command is specific to very rare case. Do not use it unless suggested by Fortinet support team.