Supported features in each operation mode
Supported features vary by the operation mode. For the broadest feature support, choose Reverse Proxy mode.
The table below lists features that are not universally supported across all operation modes. In other words, any feature not listed here is supported by all operation modes by default.
| Feature | Operation mode | ||||
|---|---|---|---|---|---|
| Reverse Proxy | True Transparent Proxy | Transparent Inspection | Offline Protection | WCCP | |
| HA (Active-passive) | Yes | Yes | Yes | Yes | Yes |
|
HA (Active-active-Standard) |
Yes | Yes | No | No | No |
|
HA (Active-active-High Volume) |
Yes | No | No | No | No |
| Bridges/V-zones | No | Yes | Yes | No | No |
| Network Firewall | Yes | Yes | Yes | No | No |
| Fail-to-wire | No | Yes | Yes | No | Yes |
| Config. Sync (Non-HA) | Yes^ | Yes | Yes | Yes | Yes |
|
AJAX Block |
Yes | Yes | No | No | Yes |
| Error Page Customization | Yes | Yes | No | No | Yes |
|
FortiGate Quarantined IPs |
Yes | Yes | No | No | Yes |
|
ADFS Policy |
Yes | No | No | No | No |
|
HSTS Header |
Yes | Yes | No | No | Yes |
|
HPKP Header |
Yes | Yes | No | No | Yes |
| OCSP Stapling | Yes | Yes | No | No | Yes |
| TLS 1.0/1.1/1.2 Support | Yes | Yes | Yes~¶ | Yes~¶ | Yes |
| TLS 1.3 Support | Yes~ | Yes~ | No | No | Yes~ |
|
Client Certificate Forwarding |
Yes | Yes | No | No | Yes |
| Client Certificate Verification | Yes | Yes | No | No | Yes |
| User Authentication | Yes | Yes | No | No | Yes |
| HTTP/2 Support | Yes | Yes | No | No | No |
| SSL/TLS Offloading | Yes | No | No | No | No |
|
Client Management |
Yes | Yes | Yes* | Yes* | Yes* |
| HTTP Content Routing | Yes | No | No | No | No |
|
Proxy Protocol |
Yes | Yes | Yes | Yes |
No |
| Traffic Mirror | Yes | Yes | No | No | No |
| URL Rewriting/Redirection | Yes | Yes | No | No | Yes |
|
HTTP Authentication |
Yes | Yes | No | No | Yes |
| Site Publish | Yes | Yes | No | No | Yes |
| File Compression | Yes | Yes | No | No | Yes |
|
Waiting Room |
Yes |
Yes |
No |
No |
Yes |
|
Acceleration |
Yes |
Yes |
No |
No |
Yes |
| Caching | Yes | Yes | No | No | Yes |
| CSRF Protection | Yes | Yes | No | No | Yes |
| HTTP Header Security | Yes | Yes | No | No | Yes |
|
Man in the Browser Protection Policy |
Yes | Yes | No | No | Yes |
|
URL Encryption |
Yes |
Yes |
No |
No |
Yes |
| Cookie Security | Yes | Yes | No | No | Yes |
|
WebSocket Security |
Yes | Yes | No | No | Yes |
| CORS Protection | Yes | Yes | No | No | Yes |
|
Bot Mitigation |
Yes | Yes | No | No | Yes |
|
Biometrics Based Detection |
Yes | Yes | No | No | Yes |
|
Threshold Based Detection |
Yes | Yes | No | No | Yes |
|
Bot Deception |
Yes | Yes | No | No | Yes |
|
Known Bots |
Yes | Yes | No | No | Yes |
|
WS-Security Rule |
Yes | Yes | No | No | Yes |
|
HTTP Access Limit |
Yes | Yes | No | No | Yes |
|
Malicious IPs |
Yes | Yes | No | No | Yes |
|
HTTP Flood Prevention |
Yes | Yes | No | No | Yes |
|
TCP Flood Prevention |
Yes | Yes | No | No | Yes |
| DoS Protection | Yes | Yes | No | No | Yes |
|
ML based API Protection |
Yes |
Yes |
No |
No |
No |
|
ZTNA |
Yes |
No |
No |
No |
No |
| ^ Full configuration sync is not supported in Reverse Proxy mode. § Only the Alert action is supported. * Requires that your web application have session IDs. For details, see Session Key. ~ DSA-encrypted server certificates are not supported. ¶ Diffie-Hellman key exchanges are not supported. For the specific cipher suites that FortiWeb supports in each operating mode and protocol, see Supported cipher suites & protocol versions. |
|||||