
Changes in CLI defaults

Changes in CLI defaults

Routing
  • The auxiliary-session {enable | disable} option was added at the VDOM level. Use auxiliary-session enable to let reply traffic follow the best route instead of being sent back through the ingress interface of the original direction.
System
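  • FortiTelemetry and capwap are consolidated into a single fabric option for allowaccess under system interface, which allows Security Fabric access. Because the one fabric option replaces both, an interface that previously allowed only one of the two services is worth reviewing before fabric is set on it.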

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config system interface
    edit <Port number>
        set allowaccess capwap <== Removed
        set fortiheartbeat <== Removed
    next 
end
config system interface
    edit <Port number>
        set allowaccess fabric <== New
    next
end
  • Add execute factoryreset-shutdown to combine the functionality of the factory-reset and shutdown commands.
  • Add more functions for SMC NTP and the ability to get information from SMC NTP:
    config system smc-ntp <== New
        set ntpsync disable <== New
        set syncinterval 60 <== New
        set channel 5 <== New
    end
Web Filter
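  • The file-filter password-protected match can now be used to block 7Z, RAR, PDF, MSOffice, and MSOfficeX files; previously only ZIP could be selected. The example entry below uses set action log, which records matching files rather than blocking them.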

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" <== only zip can be selected
                next
            end
        end
    next
end
config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" "7z" "msoffice" "msofficex" "pdf" "rar" <== changed
                next
            end
        end
    next
end
WiFi Controller
  • FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
        end
        config radio-3
            set mode monitor
        end
    next
end
config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11ax 802.11ax/n/g/b at 2.4GHz. <==added
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
                802.11ax,n-only 802.11ax/n at 2.4GHz. <==added
                802.11ax,n,g-only 802.11ax/n/g at 2.4GHz. <==added
                802.11ax-only 802.11ax at 2.4GHz. <==added
        end
        config radio-3
            set mode monitor
        end
    next
end
Resolved Issues

Bug ID

Description

497161

Add function for SMC NTP on supported platforms.

config system smc-ntp
    set ntpsync enable
    set syncinterval 120
    config ntpserver
        edit 1
            set server 208.91.114.98
        next
    end
end

574882

FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band 802.11ax
        end
        config radio-3
            set mode monitor
        end
    next
end

579703

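Add a hidden never option to session-ttl under firewall policy, firewall service, and system session-ttl. A session matched with session-ttl never does not time out, so the option is best limited to the specific policy or service that needs it. The example policy below is illustrative only: it matches all source and destination addresses and has traffic logging disabled.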

config firewall policy
    edit 201
        set uuid ec5fd00e-eadb-51e9-457d-db7097aab5a5
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "TCP_8080"
        set logtraffic disable
        set session-ttl never
        set nat enable
    next
end

582979

Add DPDK-related CLI commands.

config dpdk global
    set status [enable | disable]
    set multiqueue [enable | disable]
    set sleep-on-idle [enable | disable]
    set elasticbuffer [enable | disable]
    set hugepage-percentage [Percentage of main memory allocated to huge pages]
    set mbufpool-percentage [Percentage of main memory allocated to DPDK packet buffer]
end
config dpdk cpus
    set rx-cpus [CPUs enabled to run DPDK RX engines]
    set vnp-cpus [CPUs enabled to run DPDK VNP engines]
    set ips-cpus [CPUs enabled to run DPDK IPS engines]
    set tx-cpus [CPUs enabled to run DPDK TX engines]
end

586935

Add new execute factoryreset-shutdown command.

588180

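Consolidate fortitelemetry and capwap into a single fabric option for allowaccess in system interface. The help output below lists the remaining allowaccess values; fabric now stands for both former services.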

config system interface 
    edit port4
        set allowaccess ?
        ping PING access.
        https HTTPS access.
        ssh SSH access.
        snmp SNMP access.
        http HTTP access.
        telnet TELNET access.
        fgfm FortiManager access.
        radius-acct RADIUS accounting access.
        probe-response Probe access.
        fabric Security Fabric access.
        ftm FTM access.
    next
end

Changes in CLI defaults

Routing
  • The auxiliary-session {enable | disable} option was added at the VDOM level. Use auxiliary-session enable to let reply traffic follow the best route instead of being sent back through the ingress interface of the original direction.
System
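  • FortiTelemetry and capwap are consolidated into a single fabric option for allowaccess under system interface, which allows Security Fabric access. Because the one fabric option replaces both, an interface that previously allowed only one of the two services is worth reviewing before fabric is set on it.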

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config system interface
    edit <Port number>
        set allowaccess capwap <== Removed
        set fortiheartbeat <== Removed
    next 
end
config system interface
    edit <Port number>
        set allowaccess fabric <== New
    next
end
  • Add execute factoryreset-shutdown to combine the functionality of the factory-reset and shutdown commands.
  • Add more functions for SMC NTP and the ability to get information from SMC NTP:
    config system smc-ntp <== New
        set ntpsync disable <== New
        set syncinterval 60 <== New
        set channel 5 <== New
    end
Web Filter
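  • The file-filter password-protected match can now be used to block 7Z, RAR, PDF, MSOffice, and MSOfficeX files; previously only ZIP could be selected. The example entry below uses set action log, which records matching files rather than blocking them.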

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" <== only zip can be selected
                next
            end
        end
    next
end
config webfilter profile
    edit "encrypted-web"
        set comment ''
        set replacemsg-group ''
        unset options
        config file-filter
            set status enable
            set log enable
            set scan-archive-contents enable
            config entries
                edit "1"
                    set comment ''
                    set protocol http ftp
                    set action log
                    set direction any
                    set password-protected yes
                    set file-type "zip" "7z" "msoffice" "msofficex" "pdf" "rar" <== changed
                next
            end
        end
    next
end
WiFi Controller
  • FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

Previous releases (first block below) compared with the 6.2.3 release (second block below):

config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
        end
        config radio-3
            set mode monitor
        end
    next
end
config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band ?
                802.11b 802.11b.
                802.11g 802.11g/b.
                802.11n 802.11n/g/b at 2.4GHz.
                802.11ax 802.11ax/n/g/b at 2.4GHz. <==added
                802.11n,g-only 802.11n/g at 2.4GHz.
                802.11g-only 802.11g.
                802.11n-only 802.11n at 2.4GHz.
                802.11ax,n-only 802.11ax/n at 2.4GHz. <==added
                802.11ax,n,g-only 802.11ax/n/g at 2.4GHz. <==added
                802.11ax-only 802.11ax at 2.4GHz. <==added
        end
        config radio-3
            set mode monitor
        end
    next
end
Resolved Issues

Bug ID

Description

497161

Add function for SMC NTP on supported platforms.

config system smc-ntp
    set ntpsync enable
    set syncinterval 120
    config ntpserver
        edit 1
            set server 208.91.114.98
        next
    end
end

574882

FAP-U431F and FAP-U433F can support 802.11ax on 2.4 GHz radio-2 when the platform mode is single-5G.

config wireless-controller wtp-profile
    edit "FAPU431F-default"
        config platform
            set type U431F
            set mode single-5G
        end
        config radio-1
            set band 802.11ax-5G
        end
        config radio-2
            set band 802.11ax
        end
        config radio-3
            set mode monitor
        end
    next
end

579703

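Add a hidden never option to session-ttl under firewall policy, firewall service, and system session-ttl. A session matched with session-ttl never does not time out, so the option is best limited to the specific policy or service that needs it. The example policy below is illustrative only: it matches all source and destination addresses and has traffic logging disabled.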

config firewall policy
    edit 201
        set uuid ec5fd00e-eadb-51e9-457d-db7097aab5a5
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "TCP_8080"
        set logtraffic disable
        set session-ttl never
        set nat enable
    next
end

582979

Add DPDK-related CLI commands.

config dpdk global
    set status [enable | disable]
    set multiqueue [enable | disable]
    set sleep-on-idle [enable | disable]
    set elasticbuffer [enable | disable]
    set hugepage-percentage [Percentage of main memory allocated to huge pages]
    set mbufpool-percentage [Percentage of main memory allocated to DPDK packet buffer]
end
config dpdk cpus
    set rx-cpus [CPUs enabled to run DPDK RX engines]
    set vnp-cpus [CPUs enabled to run DPDK VNP engines]
    set ips-cpus [CPUs enabled to run DPDK IPS engines]
    set tx-cpus [CPUs enabled to run DPDK TX engines]
end

586935

Add new execute factoryreset-shutdown command.

588180

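Consolidate fortitelemetry and capwap into a single fabric option for allowaccess in system interface. The help output below lists the remaining allowaccess values; fabric now stands for both former services.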

config system interface 
    edit port4
        set allowaccess ?
        ping PING access.
        https HTTPS access.
        ssh SSH access.
        snmp SNMP access.
        http HTTP access.
        telnet TELNET access.
        fgfm FortiManager access.
        radius-acct RADIUS accounting access.
        probe-response Probe access.
        fabric Security Fabric access.
        ftm FTM access.
    next
end