Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 6.2.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Release Notes

    Home FortiGate / FortiOS 6.2.3 FortiOS Release Notes
    6.2.3
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    Changes in CLI defaults

    Changes in CLI defaults

    Routing
    • auxiliary-session {enable | disable} option added at the VDOM level. Use auxiliary-session enable to allow reply traffic to follow the best route instead of selecting the ingress interface in the original direction.
    System
    • Consolidate FortiTelemetry and capwap into fabric to allow Security Fabric access in system interface.

    Previous releases

    6.2.3 release

    		 
    config system interface
    edit <Port number>
        set allowaccess capwap <== Removed
        set fortiheartbeat <== Removed
    next 
end
    		 
    config system interface
    edit <Port number>
        set allowaccess fabric <== New
    next
end
    • Add execute factoryreset-shutdown to combine the functionality of the factory-reset and shutdown commands.
    • Add more functions for SMC NTP and the ability to get information from SMC NTP:
      config system smc-ntp <== New
    set ntpsync disable <== New
    set syncinterval 60 <== New
    set channel 5 <== New
end
    Web Filter
    • Enable file-filter password protected blocked for 7Z, RAR, PDF, MSOffice, and MSOfficeX.

    Previous releases

    6.2.3 release

    		 
    config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" <== only zip can be selected
                next
            end
        end
    next
end
    		 
    config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" "7z" "msoffice" "msofficex" "pdf" "rar" <==- changed
                next
            end
        end
    next
end
    WiFi Controller
    • FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

    Previous releases

    6.2.3 release

    		 
    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
        end
        config radio-3
            set mode monitor
        end
    next
end
    		 
    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11ax 802.11ax/n/g/b at 2.4GHz. <==added
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
                802.11ax,n-only 802.11ax/n at 2.4GHz. <==added
                802.11ax,n,g-only 802.11ax/n/g at 2.4GHz. <==added
                802.11ax-only 802.11ax at 2.4GHz.<==added
        end
        config radio-3
            set mode monitor
        end
    next
end
    Resolved Issues

    Bug ID

    Description

    497161

    Add function for SMC NTP on supported platforms.

    config system smc-ntp
    set ntpsync enable
    set syncinterval 120
    config ntpserver
        edit 1
            set server 208.91.114.98
        next
    end
end

    574882

    FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band 802.11ax
        end
        config radio-3
            set mode monitor
        end
    next
end

    579703

    Add hidden never option to session-ttl under firewall policy, firewall service, and system session-ttl.

    config firewall policy
    edit 201
        set uuid ec5fd00e-eadb-51e9-457d-db7097aab5a5
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "TCP_8080"
        set logtraffic disable
        set session-ttl never
        set nat enable
    next
end

    582979

    Add DPDK related CLI commands.

    config dpdk global
    set status [enable | disable]
    set multiqueue [enable | disable]
    set sleep-on-idle [enable | disable]
    set elasticbuffer [enable | disable]
    set hugepage-percentage [Percentage of main memory allocated to huge pages]
    set mbufpool-percentage [Percentage of main memory allocated to DPDK packet buffer]
end
    config dpdk cpus
    set rx-cpus [CPUs enabled to run DPDK RX engines]
    set vnp-cpus [CPUs enabled to run DPDK VNP engines]
    set ips-cpus [CPUs enabled to run DPDK IPS engines]
    set tx-cpus [CPUs enabled to run DPDK TX engines]
end

    586935

    Add new execute factoryreset-shutdown command.

    588180

    Consolidate fortitelemetry and capwap into fabric for allowaccess in system.interface.

    config system interface 
    edit port4
        set allowaccess ?
        ping PING access.
        https HTTPS access.
        ssh SSH access.
        snmp SNMP access.
        http HTTP access.
        telnet TELNET access.
        fgfm FortiManager access.
        radius-acct RADIUS accounting access.
        probe-response Probe access.
        fabric Security Fabric access.
        ftm FTM access.
    next
end
    Previous
    Next

    Changes in CLI defaults

    Changes in CLI defaults

    Routing
    • auxiliary-session {enable | disable} option added at the VDOM level. Use auxiliary-session enable to allow reply traffic to follow the best route instead of selecting the ingress interface in the original direction.
    System
    • Consolidate FortiTelemetry and capwap into fabric to allow Security Fabric access in system interface.

    Previous releases

    6.2.3 release

    		 
    config system interface
    edit <Port number>
        set allowaccess capwap <== Removed
        set fortiheartbeat <== Removed
    next 
end
    		 
    config system interface
    edit <Port number>
        set allowaccess fabric <== New
    next
end
    • Add execute factoryreset-shutdown to combine the functionality of the factory-reset and shutdown commands.
    • Add more functions for SMC NTP and the ability to get information from SMC NTP:
      config system smc-ntp <== New
    set ntpsync disable <== New
    set syncinterval 60 <== New
    set channel 5 <== New
end
    Web Filter
    • Enable file-filter password protected blocked for 7Z, RAR, PDF, MSOffice, and MSOfficeX.

    Previous releases

    6.2.3 release

    		 
    config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" <== only zip can be selected
                next
            end
        end
    next
end
    		 
    config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" "7z" "msoffice" "msofficex" "pdf" "rar" <==- changed
                next
            end
        end
    next
end
    WiFi Controller
    • FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

    Previous releases

    6.2.3 release

    		 
    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
        end
        config radio-3
            set mode monitor
        end
    next
end
    		 
    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11ax 802.11ax/n/g/b at 2.4GHz. <==added
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
                802.11ax,n-only 802.11ax/n at 2.4GHz. <==added
                802.11ax,n,g-only 802.11ax/n/g at 2.4GHz. <==added
                802.11ax-only 802.11ax at 2.4GHz.<==added
        end
        config radio-3
            set mode monitor
        end
    next
end
    Resolved Issues

    Bug ID

    Description

    497161

    Add function for SMC NTP on supported platforms.

    config system smc-ntp
    set ntpsync enable
    set syncinterval 120
    config ntpserver
        edit 1
            set server 208.91.114.98
        next
    end
end

    574882

    FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

    config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band 802.11ax
        end
        config radio-3
            set mode monitor
        end
    next
end

    579703

    Add hidden never option to session-ttl under firewall policy, firewall service, and system session-ttl.

    config firewall policy
    edit 201
        set uuid ec5fd00e-eadb-51e9-457d-db7097aab5a5
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "TCP_8080"
        set logtraffic disable
        set session-ttl never
        set nat enable
    next
end

    582979

    Add DPDK related CLI commands.

    config dpdk global
    set status [enable | disable]
    set multiqueue [enable | disable]
    set sleep-on-idle [enable | disable]
    set elasticbuffer [enable | disable]
    set hugepage-percentage [Percentage of main memory allocated to huge pages]
    set mbufpool-percentage [Percentage of main memory allocated to DPDK packet buffer]
end
    config dpdk cpus
    set rx-cpus [CPUs enabled to run DPDK RX engines]
    set vnp-cpus [CPUs enabled to run DPDK VNP engines]
    set ips-cpus [CPUs enabled to run DPDK IPS engines]
    set tx-cpus [CPUs enabled to run DPDK TX engines]
end

    586935

    Add new execute factoryreset-shutdown command.

    588180

    Consolidate fortitelemetry and capwap into fabric for allowaccess in system.interface.

    config system interface 
    edit port4
        set allowaccess ?
        ping PING access.
        https HTTPS access.
        ssh SSH access.
        snmp SNMP access.
        http HTTP access.
        telnet TELNET access.
        fgfm FortiManager access.
        radius-acct RADIUS accounting access.
        probe-response Probe access.
        fabric Security Fabric access.
        ftm FTM access.
    next
end
    Previous
    Next