Overview:
The FortiADC Application Delivery Controllers (ADC) optimize the availability, user experience, performance and scalability of Enterprise Application Delivery. The FortiADC family of physical appliances delivers fast, secure and intelligent acceleration and distribution of demanding applications in the enterprise.
Acceleration and Performance
Multi-core processor technology, combined with
hardware-based SSL offloading to accelerate
application performance.
Application Availability
24x7 application availability through automatic failover,
global server load balancing, and link load balancing
to optimize WAN connectivity.
Application Protection
Advanced Web Application Firewall protection from
the OWASP top 10 and threat detection with Fortinet
Security Fabric.
Highlights:
Hardware-Based SSL Offloading, SSL Inspection, and Visibility
FortiADC offloads server-intensive SSL processing with support for
4096-bit keys, TCP connection management, data compression
and HTTP request processing from servers. This speeds up
response times, reduces load on the backend servers, allowing
them to serve more users.
SSL Forward Proxy utilizes FortiADC’s high-capacity decryption
and encryption to allow other devices, such as a FortiGate firewall,
to easily inspect traffic for threats. An inline pair of FortiADCs at the
front end and back end of a firewall remove all encryption so that
the firewall isn’t taxed with the additional load of SSL processing.
FortiADC ensures seamless re-encryption with certificates intact
with no user disruptions.
FortiADC’s Transparent HTTP/S and TCP/S Mirroring Capabilities
decrypt secure traffic for inspection and reporting. Copies of clear
traffic can be sent for analysis by FortiGate or other third-party
solutions for an indepth view of threats that may be hidden in
encrypted traffic while FortiADC continues to perform its application
delivery functions.
FortiADC integrates with Gemalto’s SafeNet Enterprise Hardware
Security Modules (HSMs) to use the advanced security certificates
managed by the HSM for the encryption and decryption of secure
application traffic. This lets organizations that use Gemalto’s
SafeNet HSMs deploy a high-performance ADC solution using a
strong, centrally-managed set of certificates and encryption keys.
Disaster Recovery with Global Server
Load Balancing
FortiADC’s included Global Server Load Balancing (GSLB) makes
your network reliable and available by scaling applications across
multiple data centers for disaster recovery or to improve application
response times. Administrators can set up rules that direct traffic
based on site availability, data center performance and network latency.
Web Application Firewall
FortiADC offers multiple levels of protection to defend against attacks
that target your web applications. FortiADC Web Application Firewall
can detect a zero day attack and protect from OWASP top-10 and
many other threats with multi-vector protection such as SQLi and XSS
Protection, Web Scraping, Brute Force, Web Defacement, Protocol
Validation (HTTP RFC) and Web Attack Signature using FortiGuard
WAF Security Services for layer 7 attacks (subscription required). Also,
FortiADC WAF provides full Web Vulnerability Scanning for your website
to detect and alert against known attacks.
Optimize Performance with PageSpeed,
Caching, and Compression
FortiADC provides multiple services that speed the delivery of
applications to users. The PageSpeed suite of website performance
enhancement tools can automatically optimize HTTP, CSS, Javascript
and image delivery to application users. Caching on FortiADC
dynamically stores popular application content such as images,
videos, HTML files and other file types to alleviate server resources
and accelerate overall application performance. HTTP Compression
employs GZIP and DEFLATE to intelligently compress many content
types used by today’s latest web-based applications to reduce
bandwidth needs and improve the user application experience.
Deep Integration into the Fortinet
Security Fabric
As the threat landscape evolves, many new threats require a
multi-pronged approach for protecting applications. Advanced
Persistent Threats that target users can take many different forms
than traditional single-vector attack types and can evade
protections offered only by a single device. FortiADC’s antivirus and
integration with FortiSandbox extend basic security protections to
scan file attachments for known and unknown threats.
DDoS Application, Web Filtering, IPS, Geo-IP
and IP Reputation for Enhanced Security
FortiGuard Web Filtering works with FortiADC’s SSL Forward Proxy
feature to simplify the process of managing exceptions for secure
traffic inspection. Instead of manually configuring single URLs,
Web Filtering gives administrators the ability to choose websites by category type to enable or disable SSL traffic inspection as a
group instead of on a site by site basis. FortiADC also supports our
FortiGuard which provides multi services such as: IPS, Antivirus
and IP Reputation service (subscription required) that protects
you from sources associated with DoS/DDoS attacks, phishing
schemes, spammers, malicious software and botnets.
Scripting to Extend Built-in Features
FortiADC’s Lua-based scripting language gives you the flexibility
to create custom, event-driven rules using predefined commands,
variables and operators. Using easy-to-create scripts, you get the
flexibility you need to extend your FortiADC with specialized
business rules that give you almost unlimited possibilities for server
load balancing, health checks, application validation, content routing,
and content rewriting to meet the needs of your organization.
Link Load Balancing
Built-in Link Load Balancing (LLB) gives you the option to connect
your FortiADC to two or more WAN links to reduce the risk of
outages or to add additional bandwidth to relieve traffic congestion.
FortiADC supports inbound and outbound Link Load Balancing to
manage traffic leaving or entering the device. Using policy routing,
FortiADC can support complex NAT and routing requirements to
address almost any network LLB architecture. With Tunnel Routing
you get high-speed, reliable site-to-site connectivity without the
need to lease expensive WAN links. It aggregates multiple links
to create a virtual tunnel to a remote data center that ensures
availability especially for applications that are time sensitive and
require large single-session bandwidth such as video conferencing.
Analytics and Visibility
FortiADC offers real-time and historical information about your
appliance, which includes the logical topology of real-server pools,
user/application data-analytics, security threats, attack maps and
some other system events and alerts.
VM and Public Cloud Options
FortiADC provides maximum flexibility in supporting your virtual and
hybrid environments. The virtual versions of FortiADC support all the
same features as our hardware-based devices and can be deployed
in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen,
and KVM platforms. FortiADC is also available for Amazon Web
Services, Microsoft Azure, Google Cloud and Oracle Cloud.