What’s new

The list below contains features new or changed since FortiADC 2.0.0. For upgrade information, see the Release Notes available with the firmware and “Updating the firmware”.

• No design changes. Bug fixes only.

• VDOMs — Virtual domains (VDOMs) allow you to divide a FortiADC into two or more virtual units that are configured and function independently. The administrator for each virtual domain can view and manage the configuration for his or her domain. The admin administrator has access to all virtual domain configurations. See “Virtual domains (VDOMs)”.

• Caching – A RAM cache is a cache of HTTP objects stored in FortiADC's system RAM that are reused by subsequent HTTP transactions to reduce the amount of load on the back-end servers. See “Caching HTTP objects to reduce back-end server load”.

• IP Reputation — You can now block source IP addresses that have a poor reputation using data from the FortiGuard IP Reputation Service. See “Blacklisting source IPs with poor reputation”.

• Layer 2 server load balancing – FortiADC can now load balance layer 3 routers, gateways or firewalls. This feature is useful when the request’s destination IP is unknown and you need to load balance connections between multiple next-hop gateways. Supports HTTP, HTTPS and TCPS client-side connection profiles only. See “Distributing new sessions among your servers”

• Open Shortest Path First (OSPF) support — The new OSPF feature allows FortiADC to learn dynamic routes from or redistribute routes to neighboring routers. See “Adding dynamic routes using OSPF”.

• HTTPS profile type for virtual servers — The HTTPS profile type provides a standalone HTTPS client-side connection profile and replaces the need to use an HTTP profile with SSL selected. See “Configuring offloading of client-side SSL/TLS sessions”.

• Consistent Hash IP – The persistence policy type Hash IP has changed to Consistent Hash IP. Consistent hashing allows FortiADC to achieve session persistence more efficiently than traditional hashing. See “Specifying server-side session persistence”.

• FortiADC now supports a third type of log – attack log. See “Log types”.

• You can now download log messages using the FortiADC web UI. See “Downloading log messages”.

• The format of logs has changed. Because of this format change, if you upgrade from FortiADC 3.x, use the execute log-rebuild command to rebuild the log database.

• FortiADC now exports log reports in HTML or PDF format only. RTF and plain text reports are no longer supported.

• Link routing policies — You can now specify how FortiADC routes traffic for each available ISP link, including by source or destination address and port. See “Link load balancing for outbound traffic”.

• Virtual tunnels — You can now use tunneling between two FortiADC appliances to balance traffic across multiple links to each appliance. A typical scenario is a VPN between a branch office and headquarters for application-specific access. See “Defining a virtual tunnel”.

• Persistent routing — You can now configure connections that persist regardless of the FortiADC link load balancing activity. You can configure persistence based on source IP, destination IP, and subnet. See “Adding persistence to outgoing link load balancing”.

• Proximity-based routing — Maximize WAN efficiency by using link proximity to determine latency between FortiADC and remote WAN sites so that FortiADC can choose the best route for traffic. See “Configuring routing by most efficient route or static route”.

• Scheduled link load balancing — You can now apply a link load balancing policy during a specific time period. See “Defining schedules to use with a link policy”.

• One-to-one (1-to-1) NAT — You can now fully define how each individual source and destination IP address will be translated. This feature is useful when you require a different NAT range for each ISP. See “Applying one-to-one NAT”.

• PPPoE interface support — To support DSL connectivity, you can now configure interfaces to use PPPoE (Point-to-Point Protocol over Ethernet) to automatically retrieve its IP address configuration. See “Configuring the network interfaces”.

• Custom error page — You can now upload a custom error page to FortiADC that it can use to respond to clients when HTTP service is unavailable. See “Customizing the error page or message”.

• Full NAT for Layer 3/4 load balancing — Layer 3/4 load balancing now supports full NAT (translation of both source and destination IP addresses). FortiADC can now round robin among a pool of source IP addresses for its connections to back-end servers. See “Applying full NAT to forwarded packets”.

• Standby server — You can now configure FortiADC to forward traffic to a hot standby (called a Backup Server) when all other servers in the pool are unavailable. See “Defining your pool of back-end servers”.

• Log cache memory — To avoid hard disk wear and tear, FortiADC can cache logs in memory and then periodically write them to disk in bulk. Previously, FortiADC always wrote each log message to disk instantaneously. See “Reducing hard disk usage by caching logs”.

• HA sync for health check status with IPv6 — For high availability FortiADC clusters, the Layer 4 health check status of IPv6-enabled virtual servers is now synchronized. See “HA heartbeat & synchronization”.


	Back up your configuration before upgrading to FortiADC 3.0.0. To upgrade, you must use a clean install (see “Restoring firmware (“clean install”)”), which will not preserve your configuration. After upgrading, you must either reconfigure the appliance, or restore your configuration.

• Link load balancing — FortiADC now supports load balancing among its links, in addition to distributing among local and globally distributed servers. Depending on if the traffic is inbound or outbound, different mechanisms are available: outbound can use weighted round robin; inbound can use DNS-based round robin or weighted round robin. See “Load balancing among links”.

• HTTP response compression — FortiADC now can compress responses from your back-end servers, allowing you to off load compression from your back-end servers for performance tuning that delivers faster replies to clients. See “Compressing HTTP responses”.

• Quality of service (QoS) — FortiADC now can guarantee bandwidth and queue based upon source/destination address, direction, and network service. See “Guaranteeing bandwidth & controlling queueing (QoS)”.

• Source NAT (SNAT) — When applying NAT, FortiADC can now apply either static or dynamic source NAT, depending on your preference. See “Applying source NAT (SNAT)”.

• Session persistence by source IP segment — FortiADC now can apply session persistence for entire segments of source IPs such as 10.0.2.0/24. Previously, session persistence applied to a single source IP. See “Specifying server-side session persistence”.

• Health check enhancements — FortiADC now supports additional health check types for servers that respond to these protocols: email (SMTP, POP3, IMAP), TCPS, TCP SYN (half-open connection), SNMP, and UDP. See “Monitoring your servers’ responsiveness”.

• HA enhancements — FortiADC HA now synchronizes Layer 3/4 and Layer 7 sessions and connections for session persistence and uninterrupted connections when the standby assumes control of traffic. See “Data that is not synchronized by HA”.

• Support for FortiADC 200D and FortiADC-VM— FortiADC software has been released to support these new platforms.