Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Changes in default values

Firewall

The default profile for ssl-ssh-profile is changed from certificate-inspection to no-inspection.

Previous releases

6.2.0 release

Config firewall policy
  edit [Policy ID]
    set ssl-ssh-profile certificate-inspection
  next
end
Config firewall policy
  edit [Policy ID]
    set ssl-ssh-profile no-inspection
  next
end

 

IPsec VPN

The default value for net-device option under dynamic(dialup) tunnel has changed from disable to enable.

Previous releases

6.2.0 release

config vpn ipsec phase1-interface 
   edit [Tunnel Name] 
      set type dynamic 
      set net-device disable 
   next 
end
config vpn ipsec phase1-interface 
   edit [Tunnel Name] 
      set type dynamic 
      set net-device enable 
   next 
end

 

Log & Report

The default value, minimum value, and maximum value for memory log is changed.

Previous releases

6.2.0 release

config log memory global-setting
   set max-size 65536
end
config log memory global-setting
   set max-size [1% of total RAM]
end

 

Routing

The default SD-WAN health-check interval is changed from 1 to 500 and the unit is changed from seconds to milliseconds.

Previous releases

6.2.0 release

config system virtual-wan-link 
   config health-check
      edit [Health Check Name]
         set interval 1
      next
   end
end
config system virtual-wan-link 
   config health-check
      edit [Health Check Name]
         set interval 500
      next
   end
end

 

The default link-monitor interval is changed from 1 to 500 and the unit is changed from seconds to milliseconds.

Previous releases

6.2.0 release

config system link-monitor
   edit [Link Monitor Name]
      set interval 1
   next
end
config system link-monitor
   edit [Link Monitor Name]
      set interval 500
   next
end

 

Switch Controller

The default value for FortiLink split interface is changed from disable to enable.

Previous releases

6.2.0 release

config system interface
   edit [FortiLink Interface]
      set fortilink enable
      set fortilink-split-interface disable
   next
end
config system interface
   edit [FortiLink Interface]
      set fortilink enable
      set fortilink-split-interface enable
   next
end

 

WiFi Controller

The default value of broadcast-suppression under wireless vap is changed from dhcp-up arp-known to dhcp-up arp-known dhcp-ucast.

Previous releases

6.2.0 release

config wireless-controller vap 
   edit [vap-name] 
      set broadcast-suppression dhcp-up arp-known 
   next 
end
config wireless-controller vap 
   edit [vap-name] 
      set broadcast-suppression dhcp-up dhcp-ucast arp-known 
   next 
end

 

The default value of control-message-offload under wireless-controller wtp-profile is changed from ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu to ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health.

Previous releases

6.2.0 release

config wireless-controller wtp-profile
   edit [FAP Profile Name]
      set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu 
   next
end
config wireless-controller wtp-profile
   edit [FAP Profile Name]
      set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health
   next
end

Changes in default values

Firewall

The default profile for ssl-ssh-profile is changed from certificate-inspection to no-inspection.

Previous releases

6.2.0 release

Config firewall policy
  edit [Policy ID]
    set ssl-ssh-profile certificate-inspection
  next
end
Config firewall policy
  edit [Policy ID]
    set ssl-ssh-profile no-inspection
  next
end

 

IPsec VPN

The default value for net-device option under dynamic(dialup) tunnel has changed from disable to enable.

Previous releases

6.2.0 release

config vpn ipsec phase1-interface 
   edit [Tunnel Name] 
      set type dynamic 
      set net-device disable 
   next 
end
config vpn ipsec phase1-interface 
   edit [Tunnel Name] 
      set type dynamic 
      set net-device enable 
   next 
end

 

Log & Report

The default value, minimum value, and maximum value for memory log is changed.

Previous releases

6.2.0 release

config log memory global-setting
   set max-size 65536
end
config log memory global-setting
   set max-size [1% of total RAM]
end

 

Routing

The default SD-WAN health-check interval is changed from 1 to 500 and the unit is changed from seconds to milliseconds.

Previous releases

6.2.0 release

config system virtual-wan-link 
   config health-check
      edit [Health Check Name]
         set interval 1
      next
   end
end
config system virtual-wan-link 
   config health-check
      edit [Health Check Name]
         set interval 500
      next
   end
end

 

The default link-monitor interval is changed from 1 to 500 and the unit is changed from seconds to milliseconds.

Previous releases

6.2.0 release

config system link-monitor
   edit [Link Monitor Name]
      set interval 1
   next
end
config system link-monitor
   edit [Link Monitor Name]
      set interval 500
   next
end

 

Switch Controller

The default value for FortiLink split interface is changed from disable to enable.

Previous releases

6.2.0 release

config system interface
   edit [FortiLink Interface]
      set fortilink enable
      set fortilink-split-interface disable
   next
end
config system interface
   edit [FortiLink Interface]
      set fortilink enable
      set fortilink-split-interface enable
   next
end

 

WiFi Controller

The default value of broadcast-suppression under wireless vap is changed from dhcp-up arp-known to dhcp-up arp-known dhcp-ucast.

Previous releases

6.2.0 release

config wireless-controller vap 
   edit [vap-name] 
      set broadcast-suppression dhcp-up arp-known 
   next 
end
config wireless-controller vap 
   edit [vap-name] 
      set broadcast-suppression dhcp-up dhcp-ucast arp-known 
   next 
end

 

The default value of control-message-offload under wireless-controller wtp-profile is changed from ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu to ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health.

Previous releases

6.2.0 release

config wireless-controller wtp-profile
   edit [FAP Profile Name]
      set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu 
   next
end
config wireless-controller wtp-profile
   edit [FAP Profile Name]
      set control-message-offload ebp-frame aeroscout-tag ap-list sta-list sta-cap-list stats aeroscout-mu sta-health
   next
end