Version:

Version:

Version:


Table of Contents

FortiGate-7000F Handbook

Download PDF
Copy Link

What's new for FortiGate-7000F 6.4.8

FortiGate-7000F for FortiOS 6.4.6 includes the following new features:

  • Load balancing SSL VPN tunnel mode sessions terminated by the FortiGate-7000F to all FPMs, see SSL VPN load balancing.

  • The range of the FortiGate-7000F HA group ID has been increased to 0 to 255.

    config system ha

    set group-id 0-255

    end

    The HA group ID is used to calculate the MAC addresses assigned by the FGCP to the FortiGates in an FGCP cluster. Because of this change to the group ID range, after upgrading a FortiGate-7000F FGCP cluster to FortiOS 6.4.8, the MAC addresses assigned to the cluster interfaces by the FGCP will not be the same as the MAC addresses that were assigned before the firmware upgrade.

    Caution

    If you have upstream devices that perform MAC address checking and enforcement, traffic may be interrupted after the firmware upgrade because of the new MAC addresses.

  • FortiAnalyzer direct SLBC logging support, see Using direct SLBC logging to optimize logging performance.

  • The Configuration Sync monitor displays management and data plane resource usage, see Configuration sync monitor.

  • You can control how the FortiGate-7000F partitions source NAT (SNAT) source ports among FPMs, see Controlling SNAT port partitioning behavior.

  • A number of improvements and bug fixes related to SD-WAN comparability with session-aware load balancing clustering (SLBC). The primary FPM performs health checking and synchronizes health checking-based SD-WAN routing decisions to the other FPMs. In an FGCP HA cluster, the SD-WAN routing decisions are synchronized from the primary FPM of the primary FortiGate-7000F to the FPMs in the secondary FortiGate-7000F.

    The FortiGate-7000F now supports weight-based and volume-based SD-WAN load-balancing methods:

    config system virtual-wan-link

    set load-balance-mode {weight-based | measured-volume-based}

    end

  • All CLI command output, GUI pages, log messages, and SNMP queries and traps use the terminology "primary" and "secondary" in place of "master" and "slave". This change does not currently apply to config CLI options. The command execute load-balance slot set-master-worker has been changed to execute load-balance slot set-primary-worker.

Note

You can find the FortiGate-7000F for FortiOS 6.4.8 firmware images on the Fortinet Support Download Firmware Images page by selecting the FortiGate-6K7K product.

What's new for FortiGate-7000F 6.4.8

FortiGate-7000F for FortiOS 6.4.6 includes the following new features:

  • Load balancing SSL VPN tunnel mode sessions terminated by the FortiGate-7000F to all FPMs, see SSL VPN load balancing.

  • The range of the FortiGate-7000F HA group ID has been increased to 0 to 255.

    config system ha

    set group-id 0-255

    end

    The HA group ID is used to calculate the MAC addresses assigned by the FGCP to the FortiGates in an FGCP cluster. Because of this change to the group ID range, after upgrading a FortiGate-7000F FGCP cluster to FortiOS 6.4.8, the MAC addresses assigned to the cluster interfaces by the FGCP will not be the same as the MAC addresses that were assigned before the firmware upgrade.

    Caution

    If you have upstream devices that perform MAC address checking and enforcement, traffic may be interrupted after the firmware upgrade because of the new MAC addresses.

  • FortiAnalyzer direct SLBC logging support, see Using direct SLBC logging to optimize logging performance.

  • The Configuration Sync monitor displays management and data plane resource usage, see Configuration sync monitor.

  • You can control how the FortiGate-7000F partitions source NAT (SNAT) source ports among FPMs, see Controlling SNAT port partitioning behavior.

  • A number of improvements and bug fixes related to SD-WAN comparability with session-aware load balancing clustering (SLBC). The primary FPM performs health checking and synchronizes health checking-based SD-WAN routing decisions to the other FPMs. In an FGCP HA cluster, the SD-WAN routing decisions are synchronized from the primary FPM of the primary FortiGate-7000F to the FPMs in the secondary FortiGate-7000F.

    The FortiGate-7000F now supports weight-based and volume-based SD-WAN load-balancing methods:

    config system virtual-wan-link

    set load-balance-mode {weight-based | measured-volume-based}

    end

  • All CLI command output, GUI pages, log messages, and SNMP queries and traps use the terminology "primary" and "secondary" in place of "master" and "slave". This change does not currently apply to config CLI options. The command execute load-balance slot set-master-worker has been changed to execute load-balance slot set-primary-worker.

Note

You can find the FortiGate-7000F for FortiOS 6.4.8 firmware images on the Fortinet Support Download Firmware Images page by selecting the FortiGate-6K7K product.