Fortinet black logo

Changes in CLI defaults

Changes in CLI defaults

AntiVirus

Add SSH inspection. This is only compatible with proxy inspection.

Previous releases

6.2.2 release

config antivirus profile
   edit "profile_name"
   next
end
config antivirus profile
   edit "profile_name"
      config ssh                          <==added
         set options scan                 <==added
         unset archive-block              <==added
         unset archive-log                <==added
         set emulator enable              <==added
         set outbreak-prevention disabled <==added
      end
   next
end

Endpoint Control

Add fortiems-cloud option under FSSO user.

Previous releases

6.2.2 release

config user fsso
   edit <name>
   next
end
config user fsso
   edit <name>
      set type fortiems-cloud <==added
   next
end

Add attribute fortinetone-cloud-authentication to endpoint control fctems.

Previous releases

6.2.2 release

config endpoint-control fctems
   edit <name>
   next
end
config endpoint-control fctems
  edit <name>
     set fortinetone-cloud-authentication [enable | disable] <==added
  next
end

Add sub-second-sampling under GTP.

Previous releases

6.2.2 release

config firewall gtp
   edit "gtpp"
   next
end
config firewall gtp
   edit "gtpp"
      set sub-second-sampling enable <==added
      set sub-second-interval 0.1    <==added
   next
end

Firewall

Add HTTPS as a type of health check for VIP load-balance monitor.

Previous releases

6.2.2 release

config firewall ldb-monitor
   edit [Monitor Name]
      set type ?

ping     PING health monitor.
tcp      TCP-connect health monitor.
http     HTTP-GET health monitor.
config firewall ldb-monitor
   edit [Monitor Name]
      set type ?

ping     PING health monitor.
tcp      TCP-connect health monitor.
http     HTTP-GET health monitor.
https    HTTP-GET health monitor with SSL. <==added

Remove set type wildcard-fqdn and set wildcard-fqdn <string> from firewall address.

Previous releases

6.2.2 release

config firewall address
   edit [Address]
      set type wildcard-fqdn     <==removed
      set wildcard-fqdn <string> <==removed
   next
end
config firewall address
   edit [Address]
   next
end

Add CLI commands to support address and service negate in consolidated policy.

Previous releases

6.2.2 release

config firewall consolidated policy
   edit [Policy ID]
   next
end
config firewall consolidated policy
  edit [Policy ID]
     set srcaddr-negate [enable | disable]    <==added
     set dstaddr-negate [enable | disable]    <==added
     set service-negate [enable | disable]    <==added
     set internet-service-negate [enable | disable]        <==added
     set internet-service-src-negate [enable | disable] <==added
  next
end

Proxy

In protocol option profile, add ssl-offloaded command under each protocol.

Previous releases

6.2.2 release

config firewall profile-protocol-options
   edit ""default-clone""
      config http
      end
      config ftp
      end
      config imap
      end
      config pop3
      end
      config smtp
      end
   next
end
config firewall profile-protocol-options
   edit ""default-clone""
      config http
         set ssl-offloaded no <==added
      end
      config ftp
         set ssl-offloaded no <==added
      end
      config imap
         set ssl-offloaded no <==added
      end
      config pop3
         set ssl-offloaded no <==added
      end
      config smtp
         set ssl-offloaded no <==added
      end
   next
end

Traffic Shaping

Add a new global CLI table to define traffic classes. This is 's a mapping between class-ID and naming. class-ID from shaping-policy, shaping-profile, and traffic-shaper need to be data-sourced from this CLI table.

Previous releases

6.2.2 release

config firewall traffic-class   <==added
   edit [Class-ID]              <==added
end                             <==added

Log & Report

Add CLI allowing user to configure socket priority and maximum log rate per remote log device.

Similar setting apply to config log fortiguard setting and config log syslogd setting.

Previous releases

6.2.2 release

config log fortianalyzer setting
end

config log fortianalyzer override-setting
end
config log fortianalyzer setting
   set priority [default | low]              <==added
   set max-log-rate [Log Rate, unit is MBps] <==added
end

config log fortianalyzer override-setting
   set priority [default | low]              <==added
   set max-log-rate [Log Rate, unit is MBps] <==added
end

Add the test command option in CLI.

Previous releases

6.2.2 release

diag test application miglogd
diag test application miglogd 40 <==added option "40"

SSH

Add file transfer scan over SSH (SCP and SFTP).

Previous releases

6.2.2 release

config ssh-filter profile
   edit [Profile Name]
      set default-command-log disable
   next
end
config ssh-filter profile
   edit [Profile Name]
      set block x11 shell exec port-forward tun-forward sftp scp unknown <==added scp
      set log x11 shell exec port-forward tun-forward sftp scp unknown   <==added scp
      set default-command-log disable
      config file-filter                  <==added
         set status enable                <==added
         set log enable                   <==added
         set scan-archive-contents enable <==added
         config entries                   <==added
            edit [Entry]                  <==added
               set comment ''             <==added
               set action block           <==added
               set direction any          <==added
               set password-protected any <==added
               set file-type "msoffice"   <==added
            next
         end
      end
   next
end

SSL VPN

Remove citrix and portforward from apptype in the three entries in SSL VPN web bookmark.

Previous releases

6.2.2 release

conf vpn ssl web user-bookmark
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end

conf vpn ssl web user-group-bookmark
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end

conf vpn ssl web portal
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end
conf vpn ssl web user-bookmark
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

conf vpn ssl web user-group-bookmark
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

conf vpn ssl web portal
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

System

Add description in system security zones.

Previous releases

6.2.2 release

config system zone
   edit [Zone Name]
   next
end
config system zone
   edit [Zone Name]
      set description "" <==added
   next
end

Increase the maximum number of DNS servers supported in DHCP server from 3 to 4.

Previous releases

6.2.2 release

config system dhcp server
    edit [Server ID]
        set dns-server1 1.1.1.1
        set dns-server2 2.2.2.2
        set dns-server3 3.3.3.3
    next
end
config system dhcp server
    edit [Server ID]
        set dns-server1 1.1.1.1
        set dns-server2 2.2.2.2
        set dns-server3 3.3.3.3
        set dns-server4 4.4.4.4 <==added
    next
end

VM

Remove vdom-mode multi-vdom option for cloud-based ondemand FGT-VM.

Previous releases

6.2.2 release

config sys global
   set vdom-mode ?
      no-vdom Disable split/multiple VDOMs mode.
      split-vdom Enable split VDOMs mode.
      multi-vdom Enable multiple VDOMs mode. <==removed
end
config sys global
   set vdom-mode ?
      no-vdom Disable split/multiple VDOMs mode.
      split-vdom Enable split VDOMs mode.
end

Remove security rating from FGT_VMX and FGT_SVM.

Previous releases

6.2.2 release

diagnose security-rating version <==removed

Enable CPU hot plug in kernel configuration.

Previous releases

6.2.2 release

execute cpu show <==added
Active CPU number: 1
Total CPU number: 8

execute cpu add 1 <==added
Active CPU number: 2
Total CPU number: 8

Collect EIP from cloud VMs (Azure, AWS, GCP, AliCloud, and OCI).

Previous releases

6.2.2 release

pcui-cloudinit-test # execute <?>

config system global
   set sslvpn-cipher-hardware-acceleration <==removed
end
pcui-cloudinit-test # execute <?>
update-eip [Update external IP.] <==added

config system global
    ...
end

WiFi Controller

Add portal-type external-auth when captive-portal is enabled on local-bridge VAP.

Previous releases

6.2.2 release

config wireless-controller vap
   edit "wifi.fap.02"
      set ssid "bridge-captive"
      set local-bridging enable
      set security captive-portal
      set external-web "170.00.00.000/portal/index.php"
      set radius-server "peap"
   next
end
config wireless-controller vap
   edit "wifi.fap.02"
      set ssid "bridge-captive"
      set local-bridging enable
      set security captive-portal
      set portal-type external-auth <==added
      set external-web "170.00.00.000/portal/index.php"
      set radius-server "peap"
   next
end

Move darrp-optimize and darrp-optimize-schedules configurations from Global level to VDOM level.

Previous releases

6.2.2 release

### Global ###
   config wireless-controller timers
      set darrp-optimize 86400 <==removed
      set darrp-optimize-schedules "default-darrp-optimize" <==removed
   end
### VDOM ###
   config wireless-controller setting
      set darrp-optimize 86400 <==added
      set darrp-optimize-schedules "default-darrp-optimize" <==added
   end

Add external-web-format setting under captive-portal VAP when external portal is selected.

Previous releases

6.2.2 release

config wireless-controller vap
   edit guestwifi
      set ssid "GuestWiFi"
      set security captive-portal
      set external-web "http://170.00.00.000/portal/index.php"
      set selected-usergroups "Guest-group"
      set intra-vap-privacy enable
      set schedule "always"
   next
end
config wireless-controller vap
   edit guestwifi
      set ssid "GuestWiFi"
      set security captive-portal
      set external-web "http://170.00.00.000/portal/index.php"
      set selected-usergroups "Guest-group"
      set intra-vap-privacy enable
      set schedule "always"
      set external-web-format auto-detect <==added
   next
end

Add new WTP profiles FAPU431F-default and FAPU433F-default.

Previous releases

6.2.2 release

config wireless-controller wtp-profile
  edit [FAPU431F-default | FAPU433F-default]
      config platform
      end
config wireless-controller wtp-profile
  edit [FAPU431F-default | FAPU433F-default]
    config platform
      set type [U431F | U433F]       <==added
      set mode [dual-5G | single-5G] <==added
    end
config wireless-controller wtp-profile
    edit [FAPU431F-default | FAPU433F-default]
    next
end
config wireless-controller wtp-profile
    edit [FAPU431F-default | FAPU433F-default]
        config radio-1              <==added
            set band 802.11ax-5G    <==added
        end
        config radio-2              <==added
            set band 802.11ax-5G    <==added
        end
        config radio-3              <==added
            set band 802.11n,g-only <==added
        end
    next
end
config wireless-controller vap
    edit [SSID name]
    next
end
config wireless-controller vap
    edit [SSID name]
        set high-efficiency enable  <==added
        set target-wake-time enable <==added
    next
end

For DFS approved countries, add 160 MHz channel bonding support for FortiAP U421EV/U422EV/U423EV models.

Previous releases

6.2.2 release

config wireless-controller wtp-profile
    edit [ FAPU421EV-default | FAPU422EV-default | FAPU423EV-default ]
        config radio-2
            set band 802.11ac
        end
    next
end
config wireless-controller wtp-profile
    edit [ FAPU421EV-default | FAPU422EV-default | FAPU423EV-default ]
        config radio-2
            set band 802.11ac
            set channel-bonding 160MHz <==added
        end
    next
end

Add MPSK schedule that allows setting valid period for MPSK.

Previous releases

6.2.2 release

config wireless-controller vap
  edit [SSID Interface Name]
      set mpsk enable
      config mpsk-key
          edit [MPSK Entry Name]
              set passphrase 11111111
          next
      end
  next
end
config wireless-controller vap
  edit [SSID Interface Name]
      set mpsk enable
      config mpsk-key
          edit [MPSK Entry Name]
              set passphrase 11111111
              set mpsk-schedules "always" <==added
          next
      end
  next
end

Add GRE&L2TP support in WiFi.

Previous releases

6.2.2 release

config wireless-controller vap
    edit "80e_gre"
        set ssid "FOS-QA_Bruce_80e_gre"
        set local-bridging enable
        set vlanid 3135
    next
end
config wireless-controller wag-profile <==added
    edit [Profile Name]                <==added
end

config wireless-controller vap
    edit "80e_gre"
        set ssid "FOS-QA_Bruce_80e_gre"
        set local-bridging enable
        set vlanid 3135
        set primary-wag-profile "tunnel" <==added
        set secondary-wag-profile "l2tp" <==added
    next
end

Changes in CLI defaults

AntiVirus

Add SSH inspection. This is only compatible with proxy inspection.

Previous releases

6.2.2 release

config antivirus profile
   edit "profile_name"
   next
end
config antivirus profile
   edit "profile_name"
      config ssh                          <==added
         set options scan                 <==added
         unset archive-block              <==added
         unset archive-log                <==added
         set emulator enable              <==added
         set outbreak-prevention disabled <==added
      end
   next
end

Endpoint Control

Add fortiems-cloud option under FSSO user.

Previous releases

6.2.2 release

config user fsso
   edit <name>
   next
end
config user fsso
   edit <name>
      set type fortiems-cloud <==added
   next
end

Add attribute fortinetone-cloud-authentication to endpoint control fctems.

Previous releases

6.2.2 release

config endpoint-control fctems
   edit <name>
   next
end
config endpoint-control fctems
  edit <name>
     set fortinetone-cloud-authentication [enable | disable] <==added
  next
end

Add sub-second-sampling under GTP.

Previous releases

6.2.2 release

config firewall gtp
   edit "gtpp"
   next
end
config firewall gtp
   edit "gtpp"
      set sub-second-sampling enable <==added
      set sub-second-interval 0.1    <==added
   next
end

Firewall

Add HTTPS as a type of health check for VIP load-balance monitor.

Previous releases

6.2.2 release

config firewall ldb-monitor
   edit [Monitor Name]
      set type ?

ping     PING health monitor.
tcp      TCP-connect health monitor.
http     HTTP-GET health monitor.
config firewall ldb-monitor
   edit [Monitor Name]
      set type ?

ping     PING health monitor.
tcp      TCP-connect health monitor.
http     HTTP-GET health monitor.
https    HTTP-GET health monitor with SSL. <==added

Remove set type wildcard-fqdn and set wildcard-fqdn <string> from firewall address.

Previous releases

6.2.2 release

config firewall address
   edit [Address]
      set type wildcard-fqdn     <==removed
      set wildcard-fqdn <string> <==removed
   next
end
config firewall address
   edit [Address]
   next
end

Add CLI commands to support address and service negate in consolidated policy.

Previous releases

6.2.2 release

config firewall consolidated policy
   edit [Policy ID]
   next
end
config firewall consolidated policy
  edit [Policy ID]
     set srcaddr-negate [enable | disable]    <==added
     set dstaddr-negate [enable | disable]    <==added
     set service-negate [enable | disable]    <==added
     set internet-service-negate [enable | disable]        <==added
     set internet-service-src-negate [enable | disable] <==added
  next
end

Proxy

In protocol option profile, add ssl-offloaded command under each protocol.

Previous releases

6.2.2 release

config firewall profile-protocol-options
   edit ""default-clone""
      config http
      end
      config ftp
      end
      config imap
      end
      config pop3
      end
      config smtp
      end
   next
end
config firewall profile-protocol-options
   edit ""default-clone""
      config http
         set ssl-offloaded no <==added
      end
      config ftp
         set ssl-offloaded no <==added
      end
      config imap
         set ssl-offloaded no <==added
      end
      config pop3
         set ssl-offloaded no <==added
      end
      config smtp
         set ssl-offloaded no <==added
      end
   next
end

Traffic Shaping

Add a new global CLI table to define traffic classes. This is 's a mapping between class-ID and naming. class-ID from shaping-policy, shaping-profile, and traffic-shaper need to be data-sourced from this CLI table.

Previous releases

6.2.2 release

config firewall traffic-class   <==added
   edit [Class-ID]              <==added
end                             <==added

Log & Report

Add CLI allowing user to configure socket priority and maximum log rate per remote log device.

Similar setting apply to config log fortiguard setting and config log syslogd setting.

Previous releases

6.2.2 release

config log fortianalyzer setting
end

config log fortianalyzer override-setting
end
config log fortianalyzer setting
   set priority [default | low]              <==added
   set max-log-rate [Log Rate, unit is MBps] <==added
end

config log fortianalyzer override-setting
   set priority [default | low]              <==added
   set max-log-rate [Log Rate, unit is MBps] <==added
end

Add the test command option in CLI.

Previous releases

6.2.2 release

diag test application miglogd
diag test application miglogd 40 <==added option "40"

SSH

Add file transfer scan over SSH (SCP and SFTP).

Previous releases

6.2.2 release

config ssh-filter profile
   edit [Profile Name]
      set default-command-log disable
   next
end
config ssh-filter profile
   edit [Profile Name]
      set block x11 shell exec port-forward tun-forward sftp scp unknown <==added scp
      set log x11 shell exec port-forward tun-forward sftp scp unknown   <==added scp
      set default-command-log disable
      config file-filter                  <==added
         set status enable                <==added
         set log enable                   <==added
         set scan-archive-contents enable <==added
         config entries                   <==added
            edit [Entry]                  <==added
               set comment ''             <==added
               set action block           <==added
               set direction any          <==added
               set password-protected any <==added
               set file-type "msoffice"   <==added
            next
         end
      end
   next
end

SSL VPN

Remove citrix and portforward from apptype in the three entries in SSL VPN web bookmark.

Previous releases

6.2.2 release

conf vpn ssl web user-bookmark
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end

conf vpn ssl web user-group-bookmark
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end

conf vpn ssl web portal
  edit [Name]
     config bookmarks
        edit [Boormark Name]
           set apptype ?
              citrix Citrix.            <==removed
              ftp FTP.
              portforward Port Forward. <==removed
              rdp RDP.
              sftp SFTP.
              smb SMB/CIFS.
              ssh SSH.
              telnet Telnet.
              vnc VNC.
              web HTTP/HTTPS.
        next
     end
  next
end
conf vpn ssl web user-bookmark
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

conf vpn ssl web user-group-bookmark
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

conf vpn ssl web portal
   edit [Name]
      config bookmarks
         edit [Boormark Name]
            set apptype ?
               ftp FTP.
               rdp RDP.
               sftp SFTP.
               smb SMB/CIFS.
               ssh SSH.
               telnet Telnet.
               vnc VNC.
               web HTTP/HTTPS.
         next
      end
   next
end

System

Add description in system security zones.

Previous releases

6.2.2 release

config system zone
   edit [Zone Name]
   next
end
config system zone
   edit [Zone Name]
      set description "" <==added
   next
end

Increase the maximum number of DNS servers supported in DHCP server from 3 to 4.

Previous releases

6.2.2 release

config system dhcp server
    edit [Server ID]
        set dns-server1 1.1.1.1
        set dns-server2 2.2.2.2
        set dns-server3 3.3.3.3
    next
end
config system dhcp server
    edit [Server ID]
        set dns-server1 1.1.1.1
        set dns-server2 2.2.2.2
        set dns-server3 3.3.3.3
        set dns-server4 4.4.4.4 <==added
    next
end

VM

Remove vdom-mode multi-vdom option for cloud-based ondemand FGT-VM.

Previous releases

6.2.2 release

config sys global
   set vdom-mode ?
      no-vdom Disable split/multiple VDOMs mode.
      split-vdom Enable split VDOMs mode.
      multi-vdom Enable multiple VDOMs mode. <==removed
end
config sys global
   set vdom-mode ?
      no-vdom Disable split/multiple VDOMs mode.
      split-vdom Enable split VDOMs mode.
end

Remove security rating from FGT_VMX and FGT_SVM.

Previous releases

6.2.2 release

diagnose security-rating version <==removed

Enable CPU hot plug in kernel configuration.

Previous releases

6.2.2 release

execute cpu show <==added
Active CPU number: 1
Total CPU number: 8

execute cpu add 1 <==added
Active CPU number: 2
Total CPU number: 8

Collect EIP from cloud VMs (Azure, AWS, GCP, AliCloud, and OCI).

Previous releases

6.2.2 release

pcui-cloudinit-test # execute <?>

config system global
   set sslvpn-cipher-hardware-acceleration <==removed
end
pcui-cloudinit-test # execute <?>
update-eip [Update external IP.] <==added

config system global
    ...
end

WiFi Controller

Add portal-type external-auth when captive-portal is enabled on local-bridge VAP.

Previous releases

6.2.2 release

config wireless-controller vap
   edit "wifi.fap.02"
      set ssid "bridge-captive"
      set local-bridging enable
      set security captive-portal
      set external-web "170.00.00.000/portal/index.php"
      set radius-server "peap"
   next
end
config wireless-controller vap
   edit "wifi.fap.02"
      set ssid "bridge-captive"
      set local-bridging enable
      set security captive-portal
      set portal-type external-auth <==added
      set external-web "170.00.00.000/portal/index.php"
      set radius-server "peap"
   next
end

Move darrp-optimize and darrp-optimize-schedules configurations from Global level to VDOM level.

Previous releases

6.2.2 release

### Global ###
   config wireless-controller timers
      set darrp-optimize 86400 <==removed
      set darrp-optimize-schedules "default-darrp-optimize" <==removed
   end
### VDOM ###
   config wireless-controller setting
      set darrp-optimize 86400 <==added
      set darrp-optimize-schedules "default-darrp-optimize" <==added
   end

Add external-web-format setting under captive-portal VAP when external portal is selected.

Previous releases

6.2.2 release

config wireless-controller vap
   edit guestwifi
      set ssid "GuestWiFi"
      set security captive-portal
      set external-web "http://170.00.00.000/portal/index.php"
      set selected-usergroups "Guest-group"
      set intra-vap-privacy enable
      set schedule "always"
   next
end
config wireless-controller vap
   edit guestwifi
      set ssid "GuestWiFi"
      set security captive-portal
      set external-web "http://170.00.00.000/portal/index.php"
      set selected-usergroups "Guest-group"
      set intra-vap-privacy enable
      set schedule "always"
      set external-web-format auto-detect <==added
   next
end

Add new WTP profiles FAPU431F-default and FAPU433F-default.

Previous releases

6.2.2 release

config wireless-controller wtp-profile
  edit [FAPU431F-default | FAPU433F-default]
      config platform
      end
config wireless-controller wtp-profile
  edit [FAPU431F-default | FAPU433F-default]
    config platform
      set type [U431F | U433F]       <==added
      set mode [dual-5G | single-5G] <==added
    end
config wireless-controller wtp-profile
    edit [FAPU431F-default | FAPU433F-default]
    next
end
config wireless-controller wtp-profile
    edit [FAPU431F-default | FAPU433F-default]
        config radio-1              <==added
            set band 802.11ax-5G    <==added
        end
        config radio-2              <==added
            set band 802.11ax-5G    <==added
        end
        config radio-3              <==added
            set band 802.11n,g-only <==added
        end
    next
end
config wireless-controller vap
    edit [SSID name]
    next
end
config wireless-controller vap
    edit [SSID name]
        set high-efficiency enable  <==added
        set target-wake-time enable <==added
    next
end

For DFS approved countries, add 160 MHz channel bonding support for FortiAP U421EV/U422EV/U423EV models.

Previous releases

6.2.2 release

config wireless-controller wtp-profile
    edit [ FAPU421EV-default | FAPU422EV-default | FAPU423EV-default ]
        config radio-2
            set band 802.11ac
        end
    next
end
config wireless-controller wtp-profile
    edit [ FAPU421EV-default | FAPU422EV-default | FAPU423EV-default ]
        config radio-2
            set band 802.11ac
            set channel-bonding 160MHz <==added
        end
    next
end

Add MPSK schedule that allows setting valid period for MPSK.

Previous releases

6.2.2 release

config wireless-controller vap
  edit [SSID Interface Name]
      set mpsk enable
      config mpsk-key
          edit [MPSK Entry Name]
              set passphrase 11111111
          next
      end
  next
end
config wireless-controller vap
  edit [SSID Interface Name]
      set mpsk enable
      config mpsk-key
          edit [MPSK Entry Name]
              set passphrase 11111111
              set mpsk-schedules "always" <==added
          next
      end
  next
end

Add GRE&L2TP support in WiFi.

Previous releases

6.2.2 release

config wireless-controller vap
    edit "80e_gre"
        set ssid "FOS-QA_Bruce_80e_gre"
        set local-bridging enable
        set vlanid 3135
    next
end
config wireless-controller wag-profile <==added
    edit [Profile Name]                <==added
end

config wireless-controller vap
    edit "80e_gre"
        set ssid "FOS-QA_Bruce_80e_gre"
        set local-bridging enable
        set vlanid 3135
        set primary-wag-profile "tunnel" <==added
        set secondary-wag-profile "l2tp" <==added
    next
end