Fortinet white logo
Fortinet white logo

Special notices

Special notices

ZTNA certificates

Zero trust network access (ZTNA) certificate provisioning requires Trusted Platform Module (TPM) 2.0 on the endpoint with one of the following:

  • Maximum of TLS 1.2 in FortiOS
  • Maximum of TLS 1.3 in FortiOS if the TPM 2.0 implementation in the endpoint supports RSA PSS signatures

For ZTNA tags for checking certificates, FortiClient (Linux) does not check user certificates and only checks root certificate authority certificates installed on the system. These routes are:

Operating system

Route

Ubuntu

/etc/ssl/certs/ca-certificates.crt

  • CentOS
  • Red Hat

/etc/pki/tls/certs/ca-bundle.crt

FortiGuard Web Filtering Category v10 Update

Fortinet has updated its web filtering categories to v10, which includes two new URL categories for AI chat and cryptocurrency websites. To use the new categories, customers must upgrade their Fortinet products to one of the versions below:

  • FortiManager - Fixed in 6.0.12, 6.2.9, 6.4.7, 7.0.2, 7.2.0, 7.4.0.
  • FortiOS - Fixed in 7.2.8 and 7.4.1.
  • FortiClient - Fixed in Windows 7.2.3, macOS 7.2.3, Linux 7.2.3.
  • FortiClient EMS - Fixed in 7.2.1.
  • FortiMail - Fixed in 7.0.7, 7.2.5, 7.4.1.
  • FortiProxy - Fixed in 7.4.1.

Please read the following CSB for more information to caveats on the usage in FortiManager and FortiOS: https://support.fortinet.com/Information/Bulletin.aspx

Special notices

Special notices

ZTNA certificates

Zero trust network access (ZTNA) certificate provisioning requires Trusted Platform Module (TPM) 2.0 on the endpoint with one of the following:

  • Maximum of TLS 1.2 in FortiOS
  • Maximum of TLS 1.3 in FortiOS if the TPM 2.0 implementation in the endpoint supports RSA PSS signatures

For ZTNA tags for checking certificates, FortiClient (Linux) does not check user certificates and only checks root certificate authority certificates installed on the system. These routes are:

Operating system

Route

Ubuntu

/etc/ssl/certs/ca-certificates.crt

  • CentOS
  • Red Hat

/etc/pki/tls/certs/ca-bundle.crt

FortiGuard Web Filtering Category v10 Update

Fortinet has updated its web filtering categories to v10, which includes two new URL categories for AI chat and cryptocurrency websites. To use the new categories, customers must upgrade their Fortinet products to one of the versions below:

  • FortiManager - Fixed in 6.0.12, 6.2.9, 6.4.7, 7.0.2, 7.2.0, 7.4.0.
  • FortiOS - Fixed in 7.2.8 and 7.4.1.
  • FortiClient - Fixed in Windows 7.2.3, macOS 7.2.3, Linux 7.2.3.
  • FortiClient EMS - Fixed in 7.2.1.
  • FortiMail - Fixed in 7.0.7, 7.2.5, 7.4.1.
  • FortiProxy - Fixed in 7.4.1.

Please read the following CSB for more information to caveats on the usage in FortiManager and FortiOS: https://support.fortinet.com/Information/Bulletin.aspx