What’s new
The list below contains features new or changed since FortiADC 2.0.0. For upgrade information, see the Release Notes available with the firmware and
“Updating the firmware”.
FortiADC 4.1
• No design changes. Bug fixes only.
FortiADC 4.0 Patch 2
• No design changes. Bug fixes only.
FortiADC 4.0 Patch 1
• No design changes. Bug fixes only.
FortiADC 4.0
• VDOMs — Virtual domains (VDOMs) allow you to divide a FortiADC into two or more virtual units that are configured and function independently. The administrator for each virtual domain can view and manage the configuration for his or her domain. The
admin administrator has access to all virtual domain configurations. See
“Virtual domains (VDOMs)”.
• Layer 2 server load balancing – FortiADC can now load balance layer 3 routers, gateways or firewalls. This feature is useful when the request’s destination IP is unknown and you need to load balance connections between multiple next-hop gateways. Supports HTTP, HTTPS and TCPS client-side connection profiles only. See
“Distributing new sessions among your servers” • Open Shortest Path First (OSPF) support — The new OSPF feature allows FortiADC to learn dynamic routes from or redistribute routes to neighboring routers. See
“Adding dynamic routes using OSPF”.
• Consistent Hash IP – The persistence policy type
Hash IP has changed to
Consistent Hash IP. Consistent hashing allows FortiADC to achieve session persistence more efficiently than traditional hashing. See
“Specifying server-side session persistence”.
• Enhanced logs
• FortiADC now supports a third type of log – attack log. See
“Log types”.
• The format of logs has changed. Because of this format change, if you upgrade from FortiADC 3.x, use the execute log-rebuild command to rebuild the log database.
• FortiADC now exports log reports in HTML or PDF format only. RTF and plain text reports are no longer supported.
FortiADC 3.2.0
• Virtual tunnels — You can now use tunneling between two FortiADC appliances to balance traffic across multiple links to each appliance. A typical scenario is a VPN between a branch office and headquarters for application-specific access. See
“Defining a virtual tunnel”.
• Persistent routing — You can now configure connections that persist regardless of the FortiADC link load balancing activity. You can configure persistence based on source IP, destination IP, and subnet. See
“Adding persistence to outgoing link load balancing”.
• One-to-one (1-to-1) NAT — You can now fully define how each individual source and destination IP address will be translated. This feature is useful when you require a different NAT range for each ISP. See
“Applying one-to-one NAT”.
• PPPoE interface support — To support DSL connectivity, you can now configure interfaces to use PPPoE (Point-to-Point Protocol over Ethernet) to automatically retrieve its IP address configuration. See
“Configuring the network interfaces”.
FortiADC 3.1.0
• Full NAT for Layer 3/4 load balancing — Layer 3/4 load balancing now supports full NAT (translation of both source and destination IP addresses). FortiADC can now round robin among a pool of source IP addresses for its connections to back-end servers. See
“Applying full NAT to forwarded packets”.
• Standby server — You can now configure FortiADC to forward traffic to a hot standby (called a
Backup Server) when all other servers in the pool are unavailable. See
“Defining your pool of back-end servers”.
• Log cache memory — To avoid hard disk wear and tear, FortiADC can cache logs in memory and then periodically write them to disk in bulk. Previously, FortiADC always wrote each log message to disk instantaneously. See
“Reducing hard disk usage by caching logs”.
• HA sync for health check status with IPv6 — For high availability FortiADC clusters, the Layer 4 health check status of IPv6-enabled virtual servers is now synchronized. See
“HA heartbeat & synchronization”.
FortiADC 3.0.0
| Back up your configuration before upgrading to FortiADC 3.0.0. To upgrade, you must use a clean install (see “Restoring firmware (“clean install”)”), which will not preserve your configuration. After upgrading, you must either reconfigure the appliance, or restore your configuration. |
• Link load balancing — FortiADC now supports load balancing among its links, in addition to distributing among local and globally distributed servers. Depending on if the traffic is inbound or outbound, different mechanisms are available: outbound can use weighted round robin; inbound can use DNS-based round robin or weighted round robin. See
“Load balancing among links”.
• HTTP response compression — FortiADC now can compress responses from your back-end servers, allowing you to off load compression from your back-end servers for performance tuning that delivers faster replies to clients. See
“Compressing HTTP responses”.
• Source NAT (SNAT) — When applying NAT, FortiADC can now apply either static or dynamic source NAT, depending on your preference. See
“Applying source NAT (SNAT)”.
• Session persistence by source IP segment — FortiADC now can apply session persistence for entire segments of source IPs such as 10.0.2.0/24. Previously, session persistence applied to a single source IP. See
“Specifying server-side session persistence”.
• Health check enhancements — FortiADC now supports additional health check types for servers that respond to these protocols: email (SMTP, POP3, IMAP), TCPS, TCP
SYN (half-open connection), SNMP, and UDP. See
“Monitoring your servers’ responsiveness”.
• HA enhancements — FortiADC HA now synchronizes Layer 3/4 and Layer 7 sessions and connections for session persistence and uninterrupted connections when the standby assumes control of traffic. See
“Data that is not synchronized by HA”.
FortiADC 2.1.0
• Support for FortiADC 200D and FortiADC-VM— FortiADC software has been released to support these new platforms.
Documentation enhancements
Installation and first-time setup instructions have been added.
Topology diagrams and required default port numbers have been expanded.
CLI instructions and a reference of available commands have been added.