Академический Документы
Профессиональный Документы
Культура Документы
FORTINET VIDEO GUIDE
http://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com
FORTIGATE COOKBOOK
http://cookbook.fortinet.com
FORTINET TRAINING SERVICES
http://www.fortinet.com/training
FORTIGUARD CENTER
http://www.fortiguard.com
FEEDBACK
Email: techdocs@fortinet.com
Revision 1
TABLE OF CONTENTS
Change Log 4
Introduction 5
Solution benefits 5
The FortiADC difference 6
Deployment topologies 7
Router Mode 7
One-Arm Mode 8
Hardware and software used in this example 9
Apache Web Server Configuration 10
Step 1: Download and install the Apache Web Servers 10
Step 2: Configure Apache Web Server logging 10
FortiADC Configuration 13
Basic Configuration 13
Step 1: Configure network interfaces and a static route 13
Step 2: Configure health checks 15
Step 3: Configure the Real Server Pool 16
Step 4: Configuring the virtual servers 19
Advanced Features Configuration 22
Persistence 22
Scripts 23
Advanced profile options 25
SSL offloading 26
Caching 29
Compression 31
Binding profiles to the virtual server 33
Advanced virtual server configuration summary 34
Verification 36
Troubleshooting 37
Appendix A: FortiADC Configuration 38
Basic server load balancing 38
Advanced features 39
Change Log
Change Log
FortiADC Deployment Guide 4
Fortinet Technologies Inc.
Introduction
Introduction
The Apache Web Server is the world's most used web server software. Apache played a key role in the initial
growth of the World Wide Web, and has remained most popular since April 1996. In 2009, it became the first web
server software to serve more than 100 million websites.
Apache is developed and maintained by an open community of developers under the auspices of the Apache
Software Foundation. Apache is free and open-source software.
The FortiADC deployment enables load balancing for server availability, quality of experience (QoE)
improvement for fast response-time, and best ROI with cost reduction (CAPEX and OPEX).
Solution benefits
l Delivers 99.999% application uptime with intelligent server load balancing and global server load balancing
l Optimizes applications and improves user QoE (Quality of Experience)
l Reduces CAPEX and OPEX by doing server offload with SSL acceleration and TCP multiplexing.
l Secures Apache Web Server with web application firewall and distributed denial-of-server (DDoS) prevention.
5 FortiADC Deployment Guide
Fortinet Technologies Inc.
The FortiADC difference
There are a number of hardware load balancing products available on the market with a wide range of features
and capabilities. FortiADC differentiates itself by providing superior value, high performance, reliability, advanced
acceleration features, and security from a market leader.
FortiADC not only load balances Internet service requests across multiple servers, but also accelerates
application performance and provides application-aware features that monitor server load and improve server
response times – by as much as 25%. In addition to basic load balancing, FortiADC provides:
FortiADC Deployment Guide 6
Fortinet Technologies Inc.
Deployment topologies Router Mode
Deployment topologies
This section shows the most common deployment topologies for load balancing Apache Web Servers. It includes
the following information:
l Router Mode
l One-Arm Mode
The example configurations in this deployment guide are for a Router Mode deployment.
Router Mode
The following tables show the source/destination addresses received and sent from the FortiADC.
7 FortiADC Deployment Guide
Fortinet Technologies Inc.
One-Arm Mode Deployment topologies
One-Arm Mode
FortiADC Deployment Guide 8
Fortinet Technologies Inc.
Hardware and software used in this example One-Arm Mode
The following hardware and software were used in testing this example:
l FortiADC VM
l FortiADC OS Version 4.3.1
l Apache Web Server Version 2.2
l Custom client/server hardware running VMware ESX 4 (Ubuntu 13.3)
Important: This guide is written only for the FortiADC D-series platform. The instructions included within are not
designed to be used with the FortiADC E-series platform application delivery controllers.
9 FortiADC Deployment Guide
Fortinet Technologies Inc.
Step 1: Download and install the Apache Web Servers Apache Web Server Configuration
This section provides configuration guidelines for Apache Web Servers. It includes the following topics:
Basic steps
After you complete the installation, the httpd daemon starts automatically with the default port 80. (You can
change port settings in the httpd.conf file.)
3. Verify installation was successful by opening http://localhost in the server's browser. Figure 3 shows the
messages that are displayed when the installation is successful.
Figure 3: Apache server
If FortiADC performs source NAT (due to a one-arm deployment or other requirements), you can configure
FortiADC to write the original source IP address to the X-Forwarded-For header. Figure 4 shows the profile
configuration page where you set this behavior.
FortiADC Deployment Guide 10
Fortinet Technologies Inc.
Apache Web Server Configuration Step 2: Configure Apache Web Server logging
On the Apache Web Server, you configure the web server to log the X-Forwarded-For header.
The following httpd.conf configuration file lines are the default log format for logs that are to contain the X-
Forwarded-For header:
The following example shows changes you must make to the default format in order to log the X-Forwarded-For
client IP address or the real client IP address if the X-Forwarded-For header does not exist:
11 FortiADC Deployment Guide
Fortinet Technologies Inc.
Step 2: Configure Apache Web Server logging Apache Web Server Configuration
If you use advanced FortiADC load balancing features like SSL offloading and
compression offloading, you would disable those Apache Web Server settings.
FortiADC Deployment Guide 12
Fortinet Technologies Inc.
FortiADC Configuration Basic Configuration
FortiADC Configuration
This section provides configuration guidelines for load balancing Apache Web Servers when FortiADC is deployed
in Router Mode. It includes the following topics:
Basic Configuration
Advanced Features Configuration
Basic Configuration
This section provides the basic procedures for getting started with Layer 4 load balancing. It includes the
following steps:
13 FortiADC Deployment Guide
Fortinet Technologies Inc.
Basic Configuration FortiADC Configuration
FortiADC Deployment Guide 14
Fortinet Technologies Inc.
FortiADC Configuration Basic Configuration
To create a static route, go to Networking > Routing. Figure 6 shows the static route configuration page.
To configure a health check, go to System > Shared Resources > Health Check. Table 1 summarizes the health
check configuration for this example. Figure 7 shows the HTTP health check configuration page.
Name HC-HTTP-Apache80
Type HTTP
Method GET
15 FortiADC Deployment Guide
Fortinet Technologies Inc.
Basic Configuration FortiADC Configuration
To configure real server pools, go to Server Load Balance > Real Server. Table 2 summarizes the real server pool
configuration for this example. Figure 8 through Figure 10 show the configuration pages.
Name Web-Group
Health Check
FortiADC Deployment Guide 16
Fortinet Technologies Inc.
FortiADC Configuration Basic Configuration
Health Check Rela- OR Server is deemed available if any of the specified health
tionship checks is successful. In this case, we have only one
health check, so there is no distinction between the two
possible settings.
Health Check Con- HC-HTTP-Apache80 The health check configured in the previous step.
figuration Objects
Member
IP Address 192.168.100
192.168.101
192.168.102
Port 80
17 FortiADC Deployment Guide
Fortinet Technologies Inc.
Basic Configuration FortiADC Configuration
FortiADC Deployment Guide 18
Fortinet Technologies Inc.
FortiADC Configuration Basic Configuration
In the virtual server configuration, you select from predefined and user defined configuration objects. You created
the required user-defined configuration objects in the previous steps.
To configure virtual servers, go to Server Load Balance > Virtual Server. Table 3 summarizes the virtual server
configuration for this example. Figure 11 shows the configuration summary page.
19 FortiADC Deployment Guide
Fortinet Technologies Inc.
Basic Configuration FortiADC Configuration
Name Web_VIP
Type Layer 4
IP address 10.10.10.10
Port 80
Real Server Pool Web_Group The pool configured in the previous step.
FortiADC Deployment Guide 20
Fortinet Technologies Inc.
FortiADC Configuration Basic Configuration
21 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
Some advanced features are bound directly to the virtual server and some are bound to the profile selected for
the virtual server.
l Persistence
l Scripts
l Advanced profile options
Persistence
You bind persistence rules to the virtual server configuration. Persistence rules determine traffic that is not load
balanced but rather is dispatched to the same server as an existing connection. Typically, you configure
persistence rules to support server transactions that depend on an established client-server session.
This example uses persistence based on cookies. The backend server sends a cookie. If subsequent packets
received by FortiADC match the cookie, they are forwarded to the original backend server and load balancing
rules are not applicable.
To configure persistence rules, go to Server Load Balancing > Virtual Server > Persistence. Figure 12 shows the
configuration for this example. Figure 13 shows where to select the configuration object in the virtual server
configuration page.
FortiADC Deployment Guide 22
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
Scripts
You bind scripts to the virtual server configuration. Scripts enable you to use predefined Lua script commands and
variables to manipulate the HTTP request/response or select a content route.
For example, you could use a script to redirect HTTP requests to the HTTPS location for the web site:
when HTTP_REQUEST {
Host = HTTP:header_get_value("host")
Path = HTTP:path_get()
23 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
To configure scripts, go to System > Shared Resources > Scripting. Figure 14 shows the configuration for this
example. Figure 15 shows where to select the script in the virtual server configuration page.
FortiADC Deployment Guide 24
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
This section includes example configurations for the following advanced profile options:
25 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
l SSL offloading
l Caching
l Compression
SSL offloading
Clients can use SSL or TLS to connect to HTTPS virtual servers.
When you use FortiADC as a proxy for SSL operations normally performed on the backend real servers, you must
import the X.509 v3 server certificates and private keys the backend servers would ordinarily use, as well as any
certificate authority (CA) or intermediate CA certificates that are used to complete the chain of trust between your
clients and your servers.
The FortiADC system supports all of the TLS/SSL administration methods commonly used by HTTPS servers,
including:
l Server name indication (SNI) - You can require clients to use the TLS extension to include the server hostname in
the TLS client hello message. Then, the FortiADC system can select the appropriate local server certificate to
present to the client.
l Local certificate store - A certificate store for the X.509 v3 server certificates and private keys the backend servers
would ordinarily use.
l Certificate Authorities (CAs) store - A store for the CA certificates that the backend servers would ordinarily use to
verify the CA signature in the client certificate.
l Intermediate CAs store - A store for Intermediate CAs that the backend servers would ordinarily use to complete the
chain between the client certificate and the server certificate. HTTPS transactions use intermediate CAs when the
server certificate is signed by an intermediate certificate authority (CA) rather than a root CA.
l OCSP - Use Online Certificate Status Protocol (OCSP) to obtain the revocation status of certificates.
l CRL - Use a certificate revocation list (CRL) to obtain the revocation status of certificates.
l Certificate validation policy - You can configure certificate validation policies that use OCSP or CRL. These policies
can be associated with load balancing profiles.
Basic Steps
1. Import the certificates and keys. If necessary, generate a CSR and submit it to a CA. When you receive your
certificate from the CA, you can import it.
Go to System > Certificate > Manage Certificates > Local Certificate. Figure 16 shows the Import Local
Certificate page. Figure 17 shows the Generate CSR page.
2. Create a certificate group.
Go to System > Certificate > Manage Certificates > Local Certificate Group. Figure 18 shows the Certificate
Group configuration page.
3. Create an HTTPS profile and bind the certificate group to it.
Go to Server Load Balance > Profile. Figure 19 shows where to select the configuration object in the profile
configuration page.
FortiADC Deployment Guide 26
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
27 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
FortiADC Deployment Guide 28
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
Caching
FortiADC can store HTTP content. The system can serve subsequent HTTP requests for that content without
forwarding the requests to the backend servers, thereby reducing the load on the backend servers.
In general, the RAM cache conforms to the cache requirements described in RFC 2616.
29 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
If caching is enabled for the profile that is applied to traffic processing, the system evaluates HTTP responses to
determine whether or not to cache the content. HTTP responses with status codes 200, 203, 300, 301, 400 can
be cached.
Figure 20 shows the configuration for this example. Figure 21 shows where to select the configuration object in
the profile configuration page.
FortiADC Deployment Guide 30
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
Compression
Compression offers the greatest performance improvements for Apache Web Server when applied to URLs
whose media types include repetitive text such as tagged HTML and JavaScript. Files that already contain
efficient compression such as GIF images usually should not be compressed, as the CPU usage and time spent
compressing them will result in an increased delay rather than network throughput improvement.
Figure 22 shows the configuration for this example. Figure 23 shows where to select the configuration object in
the profile configuration page.
31 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
FortiADC Deployment Guide 32
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
33 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration FortiADC Configuration
FortiADC Deployment Guide 34
Fortinet Technologies Inc.
FortiADC Configuration Advanced Features Configuration
Name Web_VIP
Type Layer 7
IP address 10.10.10.10
Real Server Pool Web_Group The pool configured in the previous step.
35 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced Features Configuration Verification
Verification
You can use the FortiADC monitoring graphs and logs to verify that traffic is indeed cached and packet flow is
working as expected.
To display the dashboard for real server pool statistics, go to Dashboard > Virtual Server > Real Server.
To display logs for Layer 4 virtual servers, go to Log & Report > Traffic Log > SLB Layer 4.
FortiADC Deployment Guide 36
Fortinet Technologies Inc.
Troubleshooting Advanced Features Configuration
Troubleshooting
The FortiADC web user interface includes a tcpdump packet capture utility that can be helpful troubleshooting
expected behavior.
To configure packet capture settings and filters, go to Networking > Packet Capture.This page also has controls
to start/stop and download the packet captures.
37 FortiADC Deployment Guide
Fortinet Technologies Inc.
Basic server load balancing Appendix A: FortiADC Configuration
FortiADC Deployment Guide 38
Fortinet Technologies Inc.
Appendix A: FortiADC Configuration Advanced features
end
config load-balance persistence
end
config load-balance content-rewriting
end
config load-balance content-routing
end
config user local
end
config user user-group
end
config load-balance auth-policy
end
config load-balance virtual-server
edit "Web_VIP"
set interface port2
set ip 10.10.10.10
set load-balance-profile LB_PROF_TCP
set load-balance-method LB_METHOD_ROUND_ROBIN
set load-balance-pool Web_Group
set traffic-log enable
set id 1
next
end
Advanced features
39 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced features Appendix A: FortiADC Configuration
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI1MVDWOX4NCsCAggA
MBQGCCqGSIb3DQMHBAjLJVfgVPxzCASCBMi+OEweUbBScuSI3wOeLiJzihJ5gEQ1
NpKPfdlmdizM8zmlB9CDpj6qvh6/1Jr2fR/n3y/7mgxm6HmYwaejTP/zq3ahNxoV
geO83oYo4hmXw0HWd9gESZ2JsDcZYFnKGQOBh/8+hU0Dk54kk15We/pQax0yndog
iF9TI+YU52jWiHuGFSz7SgwxD7hnWIT0/TYJoYmRYCWEw/we2fK2E1cUiBbUhdoG
DR7+Wx5ZMqtEIFlFZfGEbDL0Ajvn9Ch0V9nxELKtrik5f4oV4MMWMIN+DLe/hhLP
wpnVUEvtxxPNmYQtz0pDSINutACqS6HRDvgt751JUueYMobkuP/dE2KZ8dAFNRji
4aFwELJKfWL9lEcUwTwA48VgLMoag2sJw1u2ZdoHQQS+IP+Y+XNNToyzpnS8cXLj
j69UjJWKvufdZ8emFU5dOHtaWUCXFk+mSvXdhVKyNlPu369EFwqn5NzqMPZZZNo8
LVDmU9ROleDQzZUGFTp2X30NrHFVO5D90XR96mndjuJtSzJHmDcSUUiaTTAzLURn
BlaVRfrJJXGDeBmylI86te7ZbvF1StVAqN701NzPDOh+Ixa73xtkFV1BnZ9AzLlC
6OzuKptofOTiLY001IkpDsd0vr3odJ5aRBZ8rxB2XhNq89iuzmV/ylDRA3JBi48m
ihTBfV8XTEb5fDTV0tEf9Ov6yPgXKR2/JSM1F9EqKjGx/1zEIW5jRZh/+RHGYBgr
U7sj1F3CrShCcgiQfxCJ+DlBPFi3Od7Rpx3Sk3NpE6j228C/2EheXka27I/Z1V9O
04nR0VyptLm/lF0XeXUgytLjJCXp+dE184u4OCNn6fycXOJENzWL12KUYeuhrZOA
bTYhV2hSkt00R6V93XhuLf7mgwF+A/DR741LdxixUl+lMtEbvfjJ5ojQZO8YmW/d
ERmF3R6YGar7U2wz+54EJLSWwTMAt+nqgsrlQefSmajAW9rOHrJ2giXzNrsLjkxP
RLl/k6LZzrGFSkkKLu9+msYc2P+KE0eVIqqVFTrduuuArdw/l37VN4cG55ZteLEJ
k04EuKWumPjOdXPRpO3flWfUERVhVuEZrMkpraCjsdf+9EUo9/tGifI1pfgn/ERp
0y+VlYOhjwCJt89F2T5w5gVsjyT2XT4F8IwRKFCz7thAgclj9EMe7a5s7tnBYBJ4
ISFBPVO4alg1bSqzQuISqw0s269gKz3WQebFm6yQaBOluf1TFFvRo8Yhp557OQ//
rzWnEFI/PgG1i6j0Z/aE1JONQLg3BKmEPGw/O5CjmN+o9CO+U0Ss6LcYAyFk4Vcm
sZDD6k4lF6CrSbRFAzNXgh1SuZ3MqlB2V45urBCoUGwXyyj7HLjwZkwDZz6NuQ9G
ffk9eMpILRzrYOhv3Z4Mc0f5hVGfzpcUHfoxm2n0JJ/YTXkGrnlbZWHLvBwbLhmc
CYpPXMzfWMxJHsAGMk95pFRRlU5mX7LZ+D3BW/ydxBv7FUcCy4l0HMliPx9m5CV6
03XILOYXbFabZcHE75CZX0CuzikTrBdfEzvX3r+fL0mnIeA6fSvc++Jb56fZiivs
sVV/GBtYP1BU6xN8JI+K+06kgTMHCbwwnTeRQ/fsAhuiV3AMqekSfr1j9YihZ3qS
1HI=
-----END ENCRYPTED PRIVATE KEY-----
"
set csr "-----BEGIN CERTIFICATE REQUEST-----
MIIC3jCCAcYCAQAwgYUxCzAJBgNVBAYTAkhSMQswCQYDVQQIEwJJTDELMAkGA1UE
BxMCSUwxDDAKBgNVBAoTA2FkYzERMA8GA1UECxMIZm9ydGlhZGMxGTAXBgNVBAMT
EHd3dy5mb3J0aWFkYy5jb20xIDAeBgkqhkiG9w0BCQEWEWFtaXRAZm9ydGluZXQu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuJCqyGVvPvxOfeh
UCczs1N5B+21d5vdQg90bjsIoBltOGStoN6nexx1yXHmvyqTmVFxky5bTkA8+7sS
C6hTqvIvUNeAF6BmU3FzqUsEsvGZF4jD2HYQ0xFW7QYU+ZmvvUPEtzWyrxIHkzph
u8O+LP7O4P1raw2MDDfzY5Yx8sHtlb1bTzGc+iJsnAXJvv/RLu/hj4zMuIMXVbZc
wFDj5kJtKLb1SvSPRagawIWHIbrpyyGlLCkalN0Bye3yI/2eMxeZv4EFezdgWiu1
QsqtgM/Fs5noolzqk10ZhbNj4199uwjklxk5GxVr6dWr8M0PD+m8ozSYqEK2dwlO
Vzx6UwIDAQABoBMwEQYDVR0TMQoTCENBOkZBTFNFMA0GCSqGSIb3DQEBBQUAA4IB
AQCfSWwkYbAD973U+65KstDKsISzyvK59yF8Ru1QYyXeHYpZLNxDyUF4WcaQqbSO
Bs9C/3ueWfVzKlfGe/2ytju2G9lEVAUGNwi+CvTSSN+SMP4ddZA7ndBQzTpGrmH7
gaO+Jyv4Jd7nq5Hrkvh5ocuAwD4TqptyGQsRDtuTMIU0Hq6qVp/tcG6OA87/rOg2
BmfA1dMplCiAViNHe+9fj2mAV0QlyzB8hM/Enxlfi680bX1RPW9KA9LmPFOkSpLC
Vm+Cq8YuEJ9Tuu+sFTG20mHwmmwitg9EjuGCOAHAKqcVw+c2cSCwtEf/5WW7E8eP
9X02teScIMBP3KCmSeMo2Frk
-----END CERTIFICATE REQUEST-----
"
next
end
config system certificate ca_group
end
config system certificate intermediate_ca
end
config system certificate intermediate_ca_group
FortiADC Deployment Guide 40
Fortinet Technologies Inc.
Appendix A: FortiADC Configuration Advanced features
end
config system certificate local_cert_group
edit "Cert_Group"
config group_member
edit 1
set local-cert Factory
next
end
next
end
config system scripting
edit "https_redirection"
next
end
config system health-check
edit "HC-HTTP-Apache80"
set type http
set port 80
set method-type http_get
next
end
config load-balance compression
edit "Compression-Policy"
config uri_list
end
config content_types
end
next
end
config load-balance caching
edit "Caching-Policy"
config uri_exclude_list
end
next
end
config load-balance profile
edit "HTTPS-Profile"
set type https
set local-cert-group Cert_Group
set compression Compression-Policy
set caching Caching-Policy
next
end
config load-balance pool
edit "Web_Group"
set health-check-ctrl enable
set health-check-list HC-HTTP-Apache80
config pool_member
edit 1
set ip 192.168.1.100
next
edit 2
set ip 192.168.1.101
next
edit 3
set ip 192.168.1.102
41 FortiADC Deployment Guide
Fortinet Technologies Inc.
Advanced features Appendix A: FortiADC Configuration
next
end
next
end
config load-balance method
end
config load-balance persistence
edit "Cookie_Presistency"
set type persistent-cookie
next
end
config load-balance virtual-server
edit "Web_VIP"
set type l7-load-balance
set interface port1
set ip 10.10.10.10
set load-balance-profile LB_PROF_HTTP
set load-balance-method LB_METHOD_ROUND_ROBIN
set load-balance-pool Web_Group
set traffic-log enable
set id 1
set scripting https_redirection
next
edit "HTTPS_VIP"
set type l7-load-balance
set interface port1
set ip 10.10.10.10
set port 443
set load-balance-profile HTTPS-Profile
set load-balance-persistence Cookie_Presistency
set load-balance-method LB_METHOD_ROUND_ROBIN
set load-balance-pool Web_Group
set traffic-log enable
set id 2
next
end
FortiADC Deployment Guide 42
Fortinet Technologies Inc.
Copyright© 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.