Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiAIOps 3.2.0 Release Notes
    3.2.0
    3.2.1
    3.2.0
    3.0.1
    3.0.0
    2.1.0
    2.0.2
    2.0.1
    2.0.0

    Recommendations and Special Notes

    Recommendations and Special Notes

    Recommendations

    Fortinet recommends the following versions and configurations to use with FortiAIOps.

    Product

    Recommendation

    FortiAP
    • FortiAP (FAP) version 7.2.2 and above is recommended to generate all events in FortiAIOps.
    FortiOS
    • FortiOS version 7.2.4 and above, 7.4.0, or 7.6.0 are recommended to generate all events in FortiAIOps.
    FortiGate
    • [FortiGate/FortiAnalyzer] Configure the FortiAIOps IP address in the FortiGate syslog or FortiAnalyzer to send events to FortiAIOps.
    • Ensure that you enable the detection of interfering SSIDs in FortiGate to allow reporting of Throughput SLA - interference issues in FortiAIOps. To detect interfering SSIDs in FortiGate, configure the FortiAP profile to use Radio Resource Provisioning or a WIDS profile with AP scan enabled.

    • SD-WAN Network Monitor license must be installed on the FortiGate to measure the estimated bandwidth accurately.

    • Configure the sla-fail and sla-pass log failure period, the recommended duration is 60 seconds for enhanced accuracy.
    • When the backup file is restored on a different machine, reconfigure the FortiAIOps IP address in the FortiGate syslog settings.

    FortiAIOps 500G (FAO-500G)

    • For a fresh configuration, completely erase all existing configurations from the hard disks. A factory reset is recommended to ensure all configurations are removed.

    • Back up your configuration data before RAID rebuild and migration operations, as these processes are susceptible to errors.

    • The 10 Gbps port does not support 1 Gbps data speeds.

    • RAID rebuild and migration operations cannot be performed concurrently. However, simultaneous rebuild operations are supported for SSDs and HDDs.

    • The system supports the failure of only one HDD and one SSD at a time. Simultaneous failures of multiple HDDs or SSDs may lead to data loss.

    Others

    The FortiAIOps time and timezone should be synchronized with the NTP server.

    Special Notes

    AI-ARRP

    AI-ARRP is only supported on FortiOS 7.6.5 and FortiAP version 7.6.3.

    SD-WAN

    • Upon upgrading to the current release, the baseline configuration mode is automatically set to Dynamic.

    • Interfaces that were impacted prior to the upgrade will not be visible post-upgrade. However, new impacts detected after the upgrade will display correctly.

    • An SD-WAN license is required to view forecast and monitoring data, and an Analytics license is necessary to access SD-WAN Insights.

    Service Assurance Manager (SAM)

    • SAM is currently supported on F-series, G-series, and K-series FortiAPs using Bridge mode SSIDs with WPA2 PSK security only.

    • Only Radio 1 (2.4 GHz) and Radio 2 (5 GHz) are supported for SAM operations.

    • SAM test results are not displayed in the baseline view (details or trends) after a restore operation.

    Backup and Restore

    • Backup and restore is supported for version 2.0.0 and later. Migrating from version 1.x is not supported.

    • The backup and restore function is supported only for FortiAIOps configuration. CLI configurations are saved using the execute backup config command and it does not include any FortiAIOps specific configurations.

    • The Import option is not available for FortiGates deployed in High Availability (HA) mode.

    Monitoring and SLAs

    • To correctly detect STP and DHCP failures, ensure that L2 security features (BPDU Guard, Loop Guard, DHCP Snooping, Root Guard) are enabled on the switch ports.

    • The "Time to Connect" and "Connection Failure" SLAs do not currently support WPA3 SAE or Enterprise modes.

    • For FortiGate clusters, FortiAP and FortiSwitch events/logs may be displayed for both the primary and secondary units.

    • When a FortiGate is deleted and added in a new ADOM, the AI-Insights data is still displayed in the older device group, only for the time period during which the device was part of that group.

    Monitoring Dashboards

    • The donut charts on the monitoring dashboards do not display correctly on smaller screens or when the browser window is resized. This issue impacts multiple Monitor pages (such as Managed FortiGate, Wireless Clients, Access Points, and others).

    • All donut charts initially display Refresh to Load Data message after a page is reloaded.

    System and Compatibility

    • FortiAnalyzer version 7.4.1 is not supported due to an incorrect log format.

    Previous
    Next

    Recommendations and Special Notes

    Recommendations and Special Notes

    Recommendations

    Fortinet recommends the following versions and configurations to use with FortiAIOps.

    Product

    Recommendation

    FortiAP
    • FortiAP (FAP) version 7.2.2 and above is recommended to generate all events in FortiAIOps.
    FortiOS
    • FortiOS version 7.2.4 and above, 7.4.0, or 7.6.0 are recommended to generate all events in FortiAIOps.
    FortiGate
    • [FortiGate/FortiAnalyzer] Configure the FortiAIOps IP address in the FortiGate syslog or FortiAnalyzer to send events to FortiAIOps.
    • Ensure that you enable the detection of interfering SSIDs in FortiGate to allow reporting of Throughput SLA - interference issues in FortiAIOps. To detect interfering SSIDs in FortiGate, configure the FortiAP profile to use Radio Resource Provisioning or a WIDS profile with AP scan enabled.

    • SD-WAN Network Monitor license must be installed on the FortiGate to measure the estimated bandwidth accurately.

    • Configure the sla-fail and sla-pass log failure period, the recommended duration is 60 seconds for enhanced accuracy.
    • When the backup file is restored on a different machine, reconfigure the FortiAIOps IP address in the FortiGate syslog settings.

    FortiAIOps 500G (FAO-500G)

    • For a fresh configuration, completely erase all existing configurations from the hard disks. A factory reset is recommended to ensure all configurations are removed.

    • Back up your configuration data before RAID rebuild and migration operations, as these processes are susceptible to errors.

    • The 10 Gbps port does not support 1 Gbps data speeds.

    • RAID rebuild and migration operations cannot be performed concurrently. However, simultaneous rebuild operations are supported for SSDs and HDDs.

    • The system supports the failure of only one HDD and one SSD at a time. Simultaneous failures of multiple HDDs or SSDs may lead to data loss.

    Others

    The FortiAIOps time and timezone should be synchronized with the NTP server.

    Special Notes

    AI-ARRP

    AI-ARRP is only supported on FortiOS 7.6.5 and FortiAP version 7.6.3.

    SD-WAN

    • Upon upgrading to the current release, the baseline configuration mode is automatically set to Dynamic.

    • Interfaces that were impacted prior to the upgrade will not be visible post-upgrade. However, new impacts detected after the upgrade will display correctly.

    • An SD-WAN license is required to view forecast and monitoring data, and an Analytics license is necessary to access SD-WAN Insights.

    Service Assurance Manager (SAM)

    • SAM is currently supported on F-series, G-series, and K-series FortiAPs using Bridge mode SSIDs with WPA2 PSK security only.

    • Only Radio 1 (2.4 GHz) and Radio 2 (5 GHz) are supported for SAM operations.

    • SAM test results are not displayed in the baseline view (details or trends) after a restore operation.

    Backup and Restore

    • Backup and restore is supported for version 2.0.0 and later. Migrating from version 1.x is not supported.

    • The backup and restore function is supported only for FortiAIOps configuration. CLI configurations are saved using the execute backup config command and it does not include any FortiAIOps specific configurations.

    • The Import option is not available for FortiGates deployed in High Availability (HA) mode.

    Monitoring and SLAs

    • To correctly detect STP and DHCP failures, ensure that L2 security features (BPDU Guard, Loop Guard, DHCP Snooping, Root Guard) are enabled on the switch ports.

    • The "Time to Connect" and "Connection Failure" SLAs do not currently support WPA3 SAE or Enterprise modes.

    • For FortiGate clusters, FortiAP and FortiSwitch events/logs may be displayed for both the primary and secondary units.

    • When a FortiGate is deleted and added in a new ADOM, the AI-Insights data is still displayed in the older device group, only for the time period during which the device was part of that group.

    Monitoring Dashboards

    • The donut charts on the monitoring dashboards do not display correctly on smaller screens or when the browser window is resized. This issue impacts multiple Monitor pages (such as Managed FortiGate, Wireless Clients, Access Points, and others).

    • All donut charts initially display Refresh to Load Data message after a page is reloaded.

    System and Compatibility

    • FortiAnalyzer version 7.4.1 is not supported due to an incorrect log format.

    Previous
    Next