DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
New Features
GUI
Getting started
Firmware upgrade notifications
Transfer a device to another FortiCloud account 6.4.1
FortiCare registration disclaimer 6.4.1
Dashboards and widgets
Consolidate Monitor and FortiView pages
IP address tooltips
View session information for a compromised host 6.4.1
Consolidated dashboard usability improvements 6.4.1
Add detachable CLI console tabs 6.4.2
Implement a user device store to centralize device data 6.4.3
Security Fabric
Fabric settings
Integrate FortiAnalyzer management into the Security Fabric using SAML SSO
Simplify FortiClient EMS setup
Simplify the synchronization of EMS tags and configurations
Allow FortiNAC to join the Security Fabric
Redesign Fortinet Fabric Connectors and Fabric setup pages
Display endpoints in Topology using donut chart
Using the root FortiGate with disk to store historic user and device information
Synchronizing objects across the Security Fabric
Streamlined Fortinet Security Fabric setup between FortiGates 6.4.2
Use an FQDN in FortiSandbox fabric connectors 6.4.2
FortiMail Security Fabric integration 6.4.2
Allow EMS Cloud configuration only when the entitlement is verified 6.4.3
Improvements to synchronizing objects across the Security Fabric 6.4.4
Detect FortiManager Cloud account level subscription 6.4.4
SDN connectors
SDN connector for Cisco ACI northbound API integration
Support multiple SDN connector instances for Cisco ACI and Nuage
Multifunction tooltip for Fabric connectors
Exchange Server connector with Kerberos KDC auto-discovery
Support IBM Cloud SDN connector 6.4.1
Support ServiceTag and Region for Azure SDN connector address objects 6.4.2
Multiple IP addresses on Cisco ACI connectors 6.4.4
Multiple clusters on Cisco ACI connectors 6.4.9
Update OpenStack SDNĀ connector to support the latest OpenStack releases 6.4.9
Automation stitches
Automation stitches
Slack notification action
NSX-T quarantine action 6.4.1
FortiNAC quarantine action for automation 6.4.2
Security ratings
Redesign Security Rating scorecards
Tests for FortiSwitch added to Security Rating 6.4.2
Security rating report in multi VDOM mode 6.4.3
Network
SD-WAN
SD-WAN event log subtype
SD-WAN logging improvement to identify matched application
SD-WAN configuration portability
SD-WAN log format improvements
SD-WAN monitor on ADVPN shortcuts
SD-WAN GUI and monitoring enhancements
Enhance ADVPN to support UDP hole punching for spokes behind NAT
SD-WAN health check packet enhancement
Weighted round robin for IPsec aggregate tunnels
Default_DNS performance SLA profile
Interface speedtest
Support SD-WAN integration with OCVPN
Allow FortiClient to join OCVPN
Support SD-WAN interface as a security zone 6.4.1
ADVPN hub and spoke VPN Wizard improvements 6.4.2
Allow MAC addresses to be used in SD-WAN rules and policy routes 6.4.2
Up to 1024 spokes in OCVPN 6.4.2
SD-WAN enhancements 6.4.2
Define SD-WAN duplication rules to duplicate packets on other members of the SD-WAN zone 6.4.2
Allow packet duplication on SD-WAN based on SD-WAN rules 6.4.3
BGP additional path limit increased to 255 6.4.3
SD-WAN IPv6 route tag 6.4.4
REST API to monitor SD-WAN SLAs for ADVPN shortcuts 6.4.5
General
Route leaking between VRFs
IBGP and EBGP support in VRF
Set minimum RIP update timer to one second
DHCP client options
Assign a subnet to FortiGate with the FortiIPAM service 6.4.1
VRF GUI support 6.4.2
Determine if recursive distance is evaluated in BGP's next hops under ECMP 6.4.2
PRP on SoC4 models 6.4.3
FN-TRAN-DSL module on FG-80F and FGR-60F-3G4G 6.4.9
Reset the VLAN DEI bit when passing through a FortiGate in NAT mode 6.4.9
FS-TRANS-FX module on FGR-60F and FGR-60F-3G4G 6.4.9
Inspect double-tagged traffic on virtual wire pairs 6.4.9
Support 802.1X on virtual switch for certain NP6 platforms 6.4.10
IPv6
IPv6 geography-based address support
Support for IPv6 in central SNAT table
FQDN support for remote gateways
MAP-E support 6.4.1
IPv6 MAC addresses and usage in firewall policies 6.4.2
Web proxy
Authentication support for upstream proxy in transparent proxy mode
Support TLS 1.3 for proxy forward servers in certificate inspection mode 6.4.1
System
General
Admin profile option for diagnostic access
FortinetOne renamed FortiCloud
No session timeout
Confirmation prompt when creating new VDOMs
FortiOS image signing and verification
Consistent style for replacement messages 6.4.2
Introduce maturity firmware levels 6.4.10
High availability
Force HA failover for testing and demonstrations
Support UTM inspection on asymmetric traffic in FGSP
Support UTM inspection on asymmetric traffic on L3
Add encryption for L3 on asymmetric traffic in FGSP
Override FortiAnalyzer and syslog server settings
Source interface setting for NetFlow data
Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology 6.4.10
Optimized FGSP peer communication 6.4.10
SNMP
SNMP bridge MIB module support
Support SHA-2 for SNMPv3
SNMP traps and query for monitoring DHCP pool
SNMP polling extensions to support new OIDs 6.4.2
SNMP OIDs for port block allocations IP pool statistics 6.4.12
FortiGuard
Use anycast to communicate with FortiGuard servers
IoT detection service
Display cloud service communications statistics
Support third party CA signed certificates with OCSP stapling 6.4.2
FDS-only ISDB package in firmware images 6.4.10
Security
Enhance BIOS-level signature and file integrity checking 6.4.13
Real-time file system integrity checking 6.4.13
Policy and Objects
Policies
Support SSL mirroring in proxy mode
Consolidated IPv4 and IPv6 policy configuration
UUID field added to all policy types
SNAT support for policies with virtual wire pairs
Interface-based traffic shaping with NP acceleration
Ingress traffic shaping profile 6.4.7
Objects
Array structure for address objects
Allow creation of ISDB objects with regional information
IP definitions database merged into the internet service database
Extend ISDB to include well-known MAC address list
GeoIP matching by registered and physical location
Group address objects synchronized from FortiManager
Increase in maximum number of VIP real servers
GUI support for real server configurations using address objects 6.4.2
Security profiles
Antivirus
Security Profiles enhancements
Antivirus uses the extended database by default
Scan compressed messages over CIFS protocol in proxy mode 6.4.2
Application control
SSL-based application detection over decrypted traffic in a sandwich topology
Matching multiple parameters on application control signatures
Allow exclusion of signatures in application control profile 6.4.3
Web filter
Credential phishing prevention
Explicitly enable custom categories for web filter profiles, SSL/SSH inspection profiles, and proxy addresses 6.4.2
Configure web filter profiles in NGFW policy mode 6.4.2
Remove the option to rate images by URL in Web filter profiles 6.4.3
Rating submission link on web filter block and warning pages 6.4.5
IPS
Detecting IEC 61850 MMS protocol in IPS
IPS signature filter options 6.4.2
Others
Redirect to WAD after handshake completion
ICAP response filtering
Separate file filter into a standalone profile 6.4.1
Handling SSL offloaded traffic from an external decryption device in flow mode 6.4.4
VPN
IPsec and SSL VPN
Dynamic address support for SSL VPN policies
NAS-IP support per SSL VPN realm
Support defining gateway IP addresses in IPsec with mode-config and DHCP
Provision SSL VPN users in FortiClient Mobile with an email or SMS message 6.4.2
Configure DSCP for IPsec tunnels 6.4.3
User and authentication
Authentication
SAML SP for VPN authentication
Support for Okta RADIUS attributes filter-Id and class
Multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers 6.4.3
Traffic shaping based on dynamic RADIUS VSAs 6.4.6
Secure access
Wireless
Wireless IPv6 support
Tunnel mode SSID IPv6 traffic
Local bridge mode SSID IPv6 traffic
CLI commands for IPv6 rules
Support for spectrum analysis of FortiAPĀ EĀ models
Increase in maximum number of managed FortiAPs
Even distribution of FortiAP reports
View detailed information for individual WiFi connections
VLAN probe report
FortiAP client load balancing per AP
Layer three ACL configurations for Wireless APs
Maintain radio SSID WLAN IDs
Support for FAP431F and FAP433F
Support logging the signal-to-noise ratio and signal strength per client 6.4.1
Simplify BLE profiles to support broadcast of FortiAP UUID 6.4.2
Add ARRP profile for wireless controller 6.4.2
Extend spectrum analysis to support FortiAPs with three radios 6.4.2
Antenna Rx chain status check and notification 6.4.2
Standardize wireless health metrics 6.4.2
FortiAP query to FortiGuard IoT service to determine device details 6.4.2
Enhance MPSK functionalities for wireless controller 6.4.2
Adaptive radio architecture support 6.4.3
Support 802.11v optimized roaming and load balancing 6.4.3
Support IGMP Snooping (Wireless) 6.4.3
Use FortiGate to register managed FortiAP to FortiCloud 6.4.3
Add fields for wireless DHCP logs 6.4.3
Dynamic VLAN assignment using RADIUS attribute string 6.4.6
Switch controller
Switch controller - quarantine by redirect
VLAN interface templates for FortiSwitch devices
Improved FortiSwitch support
GUI support for FortiLink groups
FortiSwitch link status visibility improvements
SNMP queries to the FortiGate Switch Controller for FortiSwitch and port information 6.4.2
Allow FortiSwitch Trunk mode selection on FortiGate 6.4.2
Send multiple RADIUS attribute values in a single RADIUS Access-Request 6.4.2
ECN configuration for managed FortiSwitch devices 6.4.2
Configure PTP Transparent Clock mode for managed FortiSwitch devices 6.4.2
Inter-operability with per instance RSTP 802.1w 6.4.2
FortiGate HA between remote sites over managed FortiSwitches 6.4.2
Register FortiSwitch to FortiCloud from the GUI 6.4.2
GUI support for multiple FortiLink interfaces 6.4.2
Switch controller option to control the sources used to update the user device list 6.4.2
Add a FortiSwitch Diagnostics and Tools pane 6.4.2
Log sub-category for switch controller 6.4.3
Configure LLDP settings on a switch port that is leased to a tenant VDOM 6.4.3
Add a RADIUS timeout VLAN to a security policy 6.4.3
Add option to enable flow control and pause metering 6.4.3
Allow switch controller to set source IP for outbound connections 6.4.3
Enable IoT background scanning 6.4.3
NAC
Support NAC policies on switch ports
Added ability in FortiSwitch to query FortiGuard IoT service for device details
FortiSwitch voice device detection
Extend NAC matching condition to include EMS tags 6.4.2
FortiExtender
Support FortiExtender models with two modems 6.4.2
Support data plan profiles for FortiExtender 6.4.2
Log and report
Logging
Log buffer on FortiGates with an SSD disk
WAD and Proxyd SSL logging improvement
WAN interface bandwidth log
Include RSSO information for authenticated destination users in logs 6.4.1
Application logging in NGFW policy mode 6.4.2
Send traffic logs to FortiAnalyzer Cloud 6.4.4
Log updates to dynamic objects 6.4.5
Cloud
Public and private cloud
Simplify Azure Fabric connector configuration for a FortiGate-VM deployed on Azure
Support filtering on AWS autoscaling group for dynamic address objects
Support dynamic address objects in real servers under virtual server load balance
Support up to 24 interfaces on FortiGate VM
Enhanced autoscale clusters for FortiGate VM
Support FortiGate-VM in IBM Cloud platform 6.4.2
Obtaining a FortiCare-generated license for Azure on-demand instances 6.4.2
Configure FQDN-based VIPs from the GUI 6.4.2
Enhance the display of VM autoscale member information 6.4.2
Support for new VM bandwidth-limited SKUs 6.4.2
FOS support of VM-ELA (FortiFlex) 6.4.2
Liveness detection on NSX-T 6.4.3
Add FIPS cipher mode for AWS and Azure FortiGate VMs 6.4.3
IMDSv2 for FortiGate-VM on AWS 6.4.3
Add VDOM support for NSX-T 6.4.3
Support OCI compute shapes that use Mellanox network cards 6.4.3
Support AWS transit gateway connect attachment and connect peer 6.4.3
Support OCI IMDSv2 6.4.4
GENEVE support for AWS gateway load balancer 6.4.4
Nutanix service chaining 6.4.5
Support multiple GCP projects in a single SDN connector 6.4.7
Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7
FortiCarrier
GTP
IPv6 support for GTP 6.4.2
Add fields to correlate between traffic, GTP, and UTM logs 6.4.2
Multiple identities from the ULI field in GTP logs 6.4.2
NPU support for GTP-U encapsulated in IPv6 6.4.3
FortiASIC
Hardware acceleration
Use CP9/SoC3 entropy source
Identify the XAUI link used for a specific traffic stream
Change Log
Home
FortiGate / FortiOS 6.4.0
New Features
6.4.0
7.6.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
GUI
GUI
This section includes new features related to the FortiOS GUI:
Getting started
Dashboards and widgets
Previous
Next
GUI
GUI
This section includes new features related to the FortiOS GUI:
Getting started
Dashboards and widgets
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
GUI
Getting started
Firmware upgrade notifications
Transfer a device to another FortiCloud account 6.4.1
FortiCare registration disclaimer 6.4.1
Dashboards and widgets
Consolidate Monitor and FortiView pages
IP address tooltips
View session information for a compromised host 6.4.1
Consolidated dashboard usability improvements 6.4.1
Add detachable CLI console tabs 6.4.2
Implement a user device store to centralize device data 6.4.3
Security Fabric
Fabric settings
Integrate FortiAnalyzer management into the Security Fabric using SAML SSO
Simplify FortiClient EMS setup
Simplify the synchronization of EMS tags and configurations
Allow FortiNAC to join the Security Fabric
Redesign Fortinet Fabric Connectors and Fabric setup pages
Display endpoints in Topology using donut chart
Using the root FortiGate with disk to store historic user and device information
Synchronizing objects across the Security Fabric
Streamlined Fortinet Security Fabric setup between FortiGates 6.4.2
Use an FQDN in FortiSandbox fabric connectors 6.4.2
FortiMail Security Fabric integration 6.4.2
Allow EMS Cloud configuration only when the entitlement is verified 6.4.3
Improvements to synchronizing objects across the Security Fabric 6.4.4
Detect FortiManager Cloud account level subscription 6.4.4
SDN connectors
SDN connector for Cisco ACI northbound API integration
Support multiple SDN connector instances for Cisco ACI and Nuage
Multifunction tooltip for Fabric connectors
Exchange Server connector with Kerberos KDC auto-discovery
Support IBM Cloud SDN connector 6.4.1
Support ServiceTag and Region for Azure SDN connector address objects 6.4.2
Multiple IP addresses on Cisco ACI connectors 6.4.4
Multiple clusters on Cisco ACI connectors 6.4.9
Update OpenStack SDNĀ connector to support the latest OpenStack releases 6.4.9
Automation stitches
Automation stitches
Slack notification action
NSX-T quarantine action 6.4.1
FortiNAC quarantine action for automation 6.4.2
Security ratings
Redesign Security Rating scorecards
Tests for FortiSwitch added to Security Rating 6.4.2
Security rating report in multi VDOM mode 6.4.3
Network
SD-WAN
SD-WAN event log subtype
SD-WAN logging improvement to identify matched application
SD-WAN configuration portability
SD-WAN log format improvements
SD-WAN monitor on ADVPN shortcuts
SD-WAN GUI and monitoring enhancements
Enhance ADVPN to support UDP hole punching for spokes behind NAT
SD-WAN health check packet enhancement
Weighted round robin for IPsec aggregate tunnels
Default_DNS performance SLA profile
Interface speedtest
Support SD-WAN integration with OCVPN
Allow FortiClient to join OCVPN
Support SD-WAN interface as a security zone 6.4.1
ADVPN hub and spoke VPN Wizard improvements 6.4.2
Allow MAC addresses to be used in SD-WAN rules and policy routes 6.4.2
Up to 1024 spokes in OCVPN 6.4.2
SD-WAN enhancements 6.4.2
Define SD-WAN duplication rules to duplicate packets on other members of the SD-WAN zone 6.4.2
Allow packet duplication on SD-WAN based on SD-WAN rules 6.4.3
BGP additional path limit increased to 255 6.4.3
SD-WAN IPv6 route tag 6.4.4
REST API to monitor SD-WAN SLAs for ADVPN shortcuts 6.4.5
General
Route leaking between VRFs
IBGP and EBGP support in VRF
Set minimum RIP update timer to one second
DHCP client options
Assign a subnet to FortiGate with the FortiIPAM service 6.4.1
VRF GUI support 6.4.2
Determine if recursive distance is evaluated in BGP's next hops under ECMP 6.4.2
PRP on SoC4 models 6.4.3
FN-TRAN-DSL module on FG-80F and FGR-60F-3G4G 6.4.9
Reset the VLAN DEI bit when passing through a FortiGate in NAT mode 6.4.9
FS-TRANS-FX module on FGR-60F and FGR-60F-3G4G 6.4.9
Inspect double-tagged traffic on virtual wire pairs 6.4.9
Support 802.1X on virtual switch for certain NP6 platforms 6.4.10
IPv6
IPv6 geography-based address support
Support for IPv6 in central SNAT table
FQDN support for remote gateways
MAP-E support 6.4.1
IPv6 MAC addresses and usage in firewall policies 6.4.2
Web proxy
Authentication support for upstream proxy in transparent proxy mode
Support TLS 1.3 for proxy forward servers in certificate inspection mode 6.4.1
System
General
Admin profile option for diagnostic access
FortinetOne renamed FortiCloud
No session timeout
Confirmation prompt when creating new VDOMs
FortiOS image signing and verification
Consistent style for replacement messages 6.4.2
Introduce maturity firmware levels 6.4.10
High availability
Force HA failover for testing and demonstrations
Support UTM inspection on asymmetric traffic in FGSP
Support UTM inspection on asymmetric traffic on L3
Add encryption for L3 on asymmetric traffic in FGSP
Override FortiAnalyzer and syslog server settings
Source interface setting for NetFlow data
Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology 6.4.10
Optimized FGSP peer communication 6.4.10
SNMP
SNMP bridge MIB module support
Support SHA-2 for SNMPv3
SNMP traps and query for monitoring DHCP pool
SNMP polling extensions to support new OIDs 6.4.2
SNMP OIDs for port block allocations IP pool statistics 6.4.12
FortiGuard
Use anycast to communicate with FortiGuard servers
IoT detection service
Display cloud service communications statistics
Support third party CA signed certificates with OCSP stapling 6.4.2
FDS-only ISDB package in firmware images 6.4.10
Security
Enhance BIOS-level signature and file integrity checking 6.4.13
Real-time file system integrity checking 6.4.13
Policy and Objects
Policies
Support SSL mirroring in proxy mode
Consolidated IPv4 and IPv6 policy configuration
UUID field added to all policy types
SNAT support for policies with virtual wire pairs
Interface-based traffic shaping with NP acceleration
Ingress traffic shaping profile 6.4.7
Objects
Array structure for address objects
Allow creation of ISDB objects with regional information
IP definitions database merged into the internet service database
Extend ISDB to include well-known MAC address list
GeoIP matching by registered and physical location
Group address objects synchronized from FortiManager
Increase in maximum number of VIP real servers
GUI support for real server configurations using address objects 6.4.2
Security profiles
Antivirus
Security Profiles enhancements
Antivirus uses the extended database by default
Scan compressed messages over CIFS protocol in proxy mode 6.4.2
Application control
SSL-based application detection over decrypted traffic in a sandwich topology
Matching multiple parameters on application control signatures
Allow exclusion of signatures in application control profile 6.4.3
Web filter
Credential phishing prevention
Explicitly enable custom categories for web filter profiles, SSL/SSH inspection profiles, and proxy addresses 6.4.2
Configure web filter profiles in NGFW policy mode 6.4.2
Remove the option to rate images by URL in Web filter profiles 6.4.3
Rating submission link on web filter block and warning pages 6.4.5
IPS
Detecting IEC 61850 MMS protocol in IPS
IPS signature filter options 6.4.2
Others
Redirect to WAD after handshake completion
ICAP response filtering
Separate file filter into a standalone profile 6.4.1
Handling SSL offloaded traffic from an external decryption device in flow mode 6.4.4
VPN
IPsec and SSL VPN
Dynamic address support for SSL VPN policies
NAS-IP support per SSL VPN realm
Support defining gateway IP addresses in IPsec with mode-config and DHCP
Provision SSL VPN users in FortiClient Mobile with an email or SMS message 6.4.2
Configure DSCP for IPsec tunnels 6.4.3
User and authentication
Authentication
SAML SP for VPN authentication
Support for Okta RADIUS attributes filter-Id and class
Multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers 6.4.3
Traffic shaping based on dynamic RADIUS VSAs 6.4.6
Secure access
Wireless
Wireless IPv6 support
Tunnel mode SSID IPv6 traffic
Local bridge mode SSID IPv6 traffic
CLI commands for IPv6 rules
Support for spectrum analysis of FortiAPĀ EĀ models
Increase in maximum number of managed FortiAPs
Even distribution of FortiAP reports
View detailed information for individual WiFi connections
VLAN probe report
FortiAP client load balancing per AP
Layer three ACL configurations for Wireless APs
Maintain radio SSID WLAN IDs
Support for FAP431F and FAP433F
Support logging the signal-to-noise ratio and signal strength per client 6.4.1
Simplify BLE profiles to support broadcast of FortiAP UUID 6.4.2
Add ARRP profile for wireless controller 6.4.2
Extend spectrum analysis to support FortiAPs with three radios 6.4.2
Antenna Rx chain status check and notification 6.4.2
Standardize wireless health metrics 6.4.2
FortiAP query to FortiGuard IoT service to determine device details 6.4.2
Enhance MPSK functionalities for wireless controller 6.4.2
Adaptive radio architecture support 6.4.3
Support 802.11v optimized roaming and load balancing 6.4.3
Support IGMP Snooping (Wireless) 6.4.3
Use FortiGate to register managed FortiAP to FortiCloud 6.4.3
Add fields for wireless DHCP logs 6.4.3
Dynamic VLAN assignment using RADIUS attribute string 6.4.6
Switch controller
Switch controller - quarantine by redirect
VLAN interface templates for FortiSwitch devices
Improved FortiSwitch support
GUI support for FortiLink groups
FortiSwitch link status visibility improvements
SNMP queries to the FortiGate Switch Controller for FortiSwitch and port information 6.4.2
Allow FortiSwitch Trunk mode selection on FortiGate 6.4.2
Send multiple RADIUS attribute values in a single RADIUS Access-Request 6.4.2
ECN configuration for managed FortiSwitch devices 6.4.2
Configure PTP Transparent Clock mode for managed FortiSwitch devices 6.4.2
Inter-operability with per instance RSTP 802.1w 6.4.2
FortiGate HA between remote sites over managed FortiSwitches 6.4.2
Register FortiSwitch to FortiCloud from the GUI 6.4.2
GUI support for multiple FortiLink interfaces 6.4.2
Switch controller option to control the sources used to update the user device list 6.4.2
Add a FortiSwitch Diagnostics and Tools pane 6.4.2
Log sub-category for switch controller 6.4.3
Configure LLDP settings on a switch port that is leased to a tenant VDOM 6.4.3
Add a RADIUS timeout VLAN to a security policy 6.4.3
Add option to enable flow control and pause metering 6.4.3
Allow switch controller to set source IP for outbound connections 6.4.3
Enable IoT background scanning 6.4.3
NAC
Support NAC policies on switch ports
Added ability in FortiSwitch to query FortiGuard IoT service for device details
FortiSwitch voice device detection
Extend NAC matching condition to include EMS tags 6.4.2
FortiExtender
Support FortiExtender models with two modems 6.4.2
Support data plan profiles for FortiExtender 6.4.2
Log and report
Logging
Log buffer on FortiGates with an SSD disk
WAD and Proxyd SSL logging improvement
WAN interface bandwidth log
Include RSSO information for authenticated destination users in logs 6.4.1
Application logging in NGFW policy mode 6.4.2
Send traffic logs to FortiAnalyzer Cloud 6.4.4
Log updates to dynamic objects 6.4.5
Cloud
Public and private cloud
Simplify Azure Fabric connector configuration for a FortiGate-VM deployed on Azure
Support filtering on AWS autoscaling group for dynamic address objects
Support dynamic address objects in real servers under virtual server load balance
Support up to 24 interfaces on FortiGate VM
Enhanced autoscale clusters for FortiGate VM
Support FortiGate-VM in IBM Cloud platform 6.4.2
Obtaining a FortiCare-generated license for Azure on-demand instances 6.4.2
Configure FQDN-based VIPs from the GUI 6.4.2
Enhance the display of VM autoscale member information 6.4.2
Support for new VM bandwidth-limited SKUs 6.4.2
FOS support of VM-ELA (FortiFlex) 6.4.2
Liveness detection on NSX-T 6.4.3
Add FIPS cipher mode for AWS and Azure FortiGate VMs 6.4.3
IMDSv2 for FortiGate-VM on AWS 6.4.3
Add VDOM support for NSX-T 6.4.3
Support OCI compute shapes that use Mellanox network cards 6.4.3
Support AWS transit gateway connect attachment and connect peer 6.4.3
Support OCI IMDSv2 6.4.4
GENEVE support for AWS gateway load balancer 6.4.4
Nutanix service chaining 6.4.5
Support multiple GCP projects in a single SDN connector 6.4.7
Ciphers added to fips-ciphers mode on FortiGate-VM 6.4.7
FortiCarrier
GTP
IPv6 support for GTP 6.4.2
Add fields to correlate between traffic, GTP, and UTM logs 6.4.2
Multiple identities from the ULI field in GTP logs 6.4.2
NPU support for GTP-U encapsulated in IPv6 6.4.3
FortiASIC
Hardware acceleration
Use CP9/SoC3 entropy source
Identify the XAUI link used for a specific traffic stream
Change Log