Administration Guide

What's new

New features

FortiWeb 7.0.4 offers the following new features and enhancements.

100-continue headers

New CLI commands control how FortiWeb interacts with clients and servers when handling the Expect: 100-continue request header and the 100-continue response.

config server-policy policy

edit <policy-name>

set reply-100-continue {enable | disable}

set forward-expect-100-continue {enable | disable}

next

end

Variables Description
reply-100-continue {enable | disable}
  • When disabled, clients wait for FortiWeb to forward the 100-continue response sent by the server.

  • When enabled, FortiWeb does not wait for the server's 100-continue response. Instead, it replies to clients with 100-continue directly to reduce delay.

Note: FortiWeb only supports HTTP/1.1, so the 100-continue response sent by FortiWeb will be HTTP/1.1 100-continue.

forward-expect-100-continue {enable | disable}
  • When disabled, FortiWeb removes the Expect: 100-continue header from request packets before forwarding them to servers.

  • When enabled, the Expect: 100-continue header is forwarded to the server.

It is recommended to enable reply-100-continue and disable forward-expect-100-continue, so that FortiWeb replies to clients with 100-continue directly to reduce delay, then removes the Expect: 100-continue header from request packets so that an unnecessary header is not forwarded.

Enhancement on HA fail-over upon core dump

A new CLI command triggers HA fail-over when proxyd dumps core, so that the secondary node can take over traffic immediately while the core dump file is being generated on the primary node.

config server-policy setting

set enable-core-file enable

set corefile-ha-failover enable

end

Note that enable-core-file must also be enabled for corefile-ha-failover to work. From 7.0.4, enable-core-file is disabled by default.

Signature Algorithm setting for TLS1.2

When tls12-compatible-sigalg is enabled, signature algorithm negotiation in the TLS handshake for FortiWeb behaves exactly the same as in OpenSSL 1.1.0.

config server-policy setting

set tls12-compatible-sigalg enable

end

Note that executing this command causes proxyd to restart, so all current sessions are dropped.

This command is intended for very rare cases. Do not use it unless the Fortinet support team suggests it.
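
A configuration check covering the three settings above, as an added example that is not Fortinet's code: it scans a saved configuration for policies that differ from the recommended 100-continue values, for corefile-ha-failover enabled without enable-core-file, and for tls12-compatible-sigalg being enabled. It assumes the saved file uses the same config/edit/set/next/end layout as the CLI blocks on this page; SAMPLE and the policy names in it are constructed.

```python
SAMPLE = '''\
config server-policy policy
  edit "web-front"
    set reply-100-continue enable
    set forward-expect-100-continue disable
  next
  edit "legacy-api"
    set forward-expect-100-continue enable
  next
end
config server-policy setting
  set corefile-ha-failover enable
  set tls12-compatible-sigalg enable
end
'''  # constructed sample, not a real backup

def parse(text):
    """Map (section, entry) -> {key: value}; entry is None outside edit blocks."""
    cfg, stack = {}, []   # stack tracks nested config blocks as [section, entry]
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack and tok[0] == "edit" and len(tok) > 1:
            stack[-1][1] = " ".join(tok[1:]).strip('"')
            cfg.setdefault(tuple(stack[-1]), {})   # keep entries with no set lines
        elif stack and tok[0] == "next":
            stack[-1][1] = None
        elif stack and tok[0] == "set" and len(tok) > 2:
            cfg.setdefault(tuple(stack[-1]), {})[tok[1]] = " ".join(tok[2:]).strip('"')
    return cfg

# Values recommended on this page
RECOMMENDED = {"reply-100-continue": "enable", "forward-expect-100-continue": "disable"}

def audit(text):
    findings = []
    for (section, entry), s in parse(text).items():
        if section == "server-policy policy" and entry:
            for key, want in RECOMMENDED.items():
                if s.get(key) != want:  # "not set" is reported too: the page gives no default
                    findings.append(f"policy {entry}: {key} is {s.get(key, 'not set')}, recommended {want}")
        elif section == "server-policy setting":
            if s.get("corefile-ha-failover") == "enable" and s.get("enable-core-file") != "enable":
                findings.append("corefile-ha-failover is enabled but enable-core-file is not")
            if s.get("tls12-compatible-sigalg") == "enable":
                findings.append("tls12-compatible-sigalg is enabled: confirm Fortinet support asked for it")
    return findings
```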
