Introduction
Architecture
Scope
What’s new
Key concepts
Sequence of packet routing evaluation
HA heartbeat & synchronization
Data that is not synchronized by HA
Configuration settings that are not synchronized by HA
How HA chooses the active appliance
How to use the web UI
System requirements
URL for access
Permissions
Trusted hosts
Concurrent administrator sessions
Global web UI & CLI settings
Buttons, menus, & the displays
Deleting entries
Renaming entries
Shutdown
How to set up your FortiADC
Appliance vs. VMware
Registering your FortiADC
Planning the network topology
Topologies for high availability (HA) clustering
Connecting to the web UI or CLI
Connecting to the web UI
Connecting to the CLI
Updating the firmware
Testing new firmware before installing it
Installing firmware
Updating firmware on an HA pair
Installing alternate firmware
Booting from the alternate partition
Changing the “admin” account password
Setting the system time & date
Configuring a high availability (HA) FortiADC cluster
Configuring the network settings
Configuring the network interfaces
Configuring the physical network interfaces
Adding VLAN subinterfaces
Link aggregation
Adding a gateway
Policy routes
Configuring DNS settings
Adding a simple load balancer
Testing your installation
Backups
Restoring a previous configuration
Administrators
Restricting permissions
Changing an administrator’s password
Secure connections (SSL/TLS)
What is SSL/TLS offloading?
Supported cipher suites & protocol versions
How to offload HTTPS
Generating a certificate signing request
Uploading a server certificate
Supplementing a server certificate with its signing chain
Uploading trusted CAs’ certificates
Example: Downloading the CA’s certificate from Microsoft Windows 2003 Server
Configuring FortiADC to validate certificates
How to re-encrypt SSL/TLS to back-end servers
Revoking certificates
Revoking certificates by OCSP query
How to export/back up certificates & private keys
Firewalling
Defining address objects
Applying source NAT (SNAT)
Defining your network services
Protocol numbers
Configuring firewall policies
Rate limiting
Protecting against TCP SYN floods
Guaranteeing bandwidth & controlling queueing (QoS)
Load balancing
Load balancing among local servers
Defining your pool of back-end servers
Monitoring your servers’ responsiveness
Distributing new sessions among your servers
Routing based on current load
Routing based on the application layer
Sessions
Specifying server-side session persistence
Specifying client-side sessions
Load balancing among globally distributed servers
Load balancing among links
Link load balancing for outbound traffic
Monitoring link health or availability
Routing outbound traffic through a link
Link load balancing for inbound traffic
Rewriting traffic
Rewriting application layer headers
Offloading compression
Compressing HTTP responses
Advanced/optional system settings
Changing the FortiADC appliance’s host name
Monitoring your system
The dashboard
System Information widget
License Information widget
CLI Console widget
System Resources widget
Virtual Server Summary widget
Virtual Server Network Throughput widget
Virtual Server Sessions widget
Event Log Console widget
Virtual server & server pool connectivity
Logging
About logs & logging
Log types
Log severity levels
Configuring logging
Enabling traffic & event logs
Logging to a FortiAnalyzer or Syslog server
Viewing log messages
Displaying & arranging log columns
Filtering log messages
Alert email
SNMP traps & queries
Configuring an SNMP community
MIB support
Reports
Customizing the report’s headers, footers, & logo
Restricting the report’s scope
Choosing the type & format of a report profile
Scheduling reports
Selecting the report’s file type & email delivery
Viewing & downloading generated reports
Fine-tuning & best practices
Hardening security
Improving performance
Improving fault tolerance
Regular backups
Troubleshooting
Tools
Ping & traceroute
Log messages
Diff
Packet capture
Diagnostic commands in the CLI
Solutions by issue type
Connectivity issues
Checking hardware connections
Examining the ARP table
Checking routing
Examining the routing table
Checking port assignments
Performing a packet trace
Checking the SSL/TLS handshake & encryption
Resource issues
Killing system-intensive processes
Monitoring traffic load
Preparing for DoS attacks
Login issues
When an administrator account cannot log in from a specific IP
Resetting the configuration
Restoring firmware (“clean install”)
Appendix A: Port numbers
Appendix B: Maximum configuration values