Introduction
This Release Notes document covers the new features, enhancements, resolved issues, and known issues of FortiDDoS version 7.2.0 build 0804.
Special Notes
FortiDDoS F-Series Release 7.2.0 is the next release after 7.0.5. It is a direct, one-step upgrade from any previous FortiDDoS release. No intermediate steps are required.
GUI changes on upgrade from releases below 7.0.1
- GUI access via TLS 1.1 will be disabled after upgrade to 7.0.1 or higher as a security improvement. The option can be re-enabled by the user if desired.
- On upgrade to 7.0.1 or higher, the existing LQ table is replaced by a new, much larger, and more granular table for improved mitigation.
  Existing entries are deleted.
  DNS Allowlists or Blocklists are not affected.
  Fortinet strongly recommends placing any SPP using LQ in Detection Mode for upgrade and allowing LQ to learn for at least one day on Authoritative DNS Servers before returning to Prevention Mode. For details, contact Fortinet.
- The Report period of Last 30 Days has been removed as redundant with Last Month. Before upgrading, check Log & Report > Log Configurations for Reports with Last 30 Days selected and change them to Last Month.
Manual traffic bypass may not enable in Fail Closed Mode
Global Protection > Deployment > Power Off Bypass Mode operates correctly in Fail Closed Mode for all F-Series models. However, on earlier hardware versions, manual traffic bypass cannot be enabled when the Power Off Bypass Mode is in Fail Closed Mode. See the 7.2.0 handbook for information, or use the workaround below to force bypass.
Workaround:
Temporarily place the system into Fail Open Mode, then manually bypass the traffic using either the GUI (Dashboard > System Information panel > Bypass Status link) or CLI (execute bypass-traffic enable). After returning FortiDDoS to inline, change the Power Off Bypass Mode back to Fail Closed Mode.
Monitor > TRAFFIC MONITOR > Subnets graphs affected by upgrade
The following only affects the Monitor > TRAFFIC MONITOR > Subnets graphs. All other graphs retain all previous information:
If you are upgrading from a Release lower than 6.5.0, the Round Robin Databases used for these graphs (all protected subnets for all SPPs) are modified during the upgrade and all previous data is deleted. New data will display in the next 5-minute reporting period after upgrade. This does not affect any other Monitor graph.
See the Special Note above. If the system is in Fail Closed Mode, change the setting to Fail Open Mode. Afterwards, place FortiDDoS into Bypass mode. You can do this via the GUI from Dashboard > Status > System Information > Bypass Status Inline/Bypass link or using the CLI:

    FortiddoS #execute bypass-traffic enable
    This operation will enable traffic bypass!
    Do you want to continue? (y/n) y

It is recommended to perform upgrades in a maintenance window to avoid disrupting other network settings such as OSPF, RSTP and BGP that affect traffic when the physical ports are changed from inline to bypass and back to inline. After the upgrade is complete, FortiDDoS will return to inline mode. As above, if the system is normally in Fail Closed Mode, change that setting back to Fail Closed.

Be sure to clear your browser cache (or operate in incognito mode) after a firmware upgrade. The GUI is coded in JavaScript in the browser, and code changes in the system do not automatically signal the browser to rebuild the GUI. Changes to the GUI will not appear until the cache is cleared. If the cache is not cleared, you may see misaligned tables or entire Dashboard panels missing or appearing in the wrong place.