Fortinet black logo

FortiOS Release Notes

Home FortiGate / FortiOS 6.4.1 FortiOS Release Notes

Changes in CLI

6.4.1
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
Copy Link
Copy Doc ID 54ff4ad3-7e83-11ea-9384-00505692583a:517622
Download PDF

Changes in CLI

Bug ID

Description

466868

The vap-all options for wtp-profile and wtp (with override-vaps enabled) have changed to tunnel, bridge, and manual.

config wireless-controller wtp-profile
    edit FAP-Profile
        config radio-1
            set vap-all {tunnel | bridge | manual}
        end
    next
end

The wtp-mode setting was removed from config wireless-controller wtp.

The traffic mode for FortiAP, tunnel or bridge, is automatically determined by the SSID selection.

603846

Support DNS-over-TLS connections to FortiGuard secure DNS server. Options are only available when fortiguard-anycast is enabled.

config system fortiguard
    set fortiguard-anycast enable
    set fortiguard-anycast-source fortinet <==added
    set anycast-sdns-server-ip 0.0.0.0 <==added
    set anycast-sdns-server-port 853 <==added
end

605817

Add support for IBM Cloud SDN connector. FortiGates can define dynamic firewall addresses obtained from the IBM Cloud.

config system sdn-connector
    edit <ibm-connector>
        set type ibm <==added
        set api-key <key>
        set compute-generation <gen>
        set ibm-region-gen1 <region>
    next
end
config firewall address
    edit <dynamic address>
        set type dynamic
        set sub-type sdn
        set sdn <ibm-connector>
        set filter <filter> <==added
    next
end

613730

Add subscription-id attribute for route table in Azure SDN configuration to allow route table updating in a different subscription.

config system sdn-connector
    edit "azsdn"
    config route-table
        edit "xxxxxxxxx-rtb1"
            set subscription-id "xxxxxxxxxxxxxxx" <==added
            set resource-group "xxxxxxxxx"
            config route
                edit "internal-forward"
                    set next-hop "172.28.5.4"
                next
            end
        next
    end
end

616335

For VMware NSX SDN connector, add new CLI to support vCenter credentials so FortiGate can resolve NSX-T VMs and apply an NSX automation stitch to it.

config system sdn-connector 
    edit <nsx server>
        set vcenter-server <server>
        set vcenter-username <username>
        set vcenter-password <password>
    next
end

625840

Add diagnose system top-all to show kernel process.
Previous
Next

Changes in CLI

Bug ID

Description

466868

The vap-all options for wtp-profile and wtp (with override-vaps enabled) have changed to tunnel, bridge, and manual.

config wireless-controller wtp-profile
    edit FAP-Profile
        config radio-1
            set vap-all {tunnel | bridge | manual}
        end
    next
end

The wtp-mode setting was removed from config wireless-controller wtp.

The traffic mode for FortiAP, tunnel or bridge, is automatically determined by the SSID selection.

603846

Support DNS-over-TLS connections to FortiGuard secure DNS server. Options are only available when fortiguard-anycast is enabled.

config system fortiguard
    set fortiguard-anycast enable
    set fortiguard-anycast-source fortinet <==added
    set anycast-sdns-server-ip 0.0.0.0 <==added
    set anycast-sdns-server-port 853 <==added
end

605817

Add support for IBM Cloud SDN connector. FortiGates can define dynamic firewall addresses obtained from the IBM Cloud.

config system sdn-connector
    edit <ibm-connector>
        set type ibm <==added
        set api-key <key>
        set compute-generation <gen>
        set ibm-region-gen1 <region>
    next
end
config firewall address
    edit <dynamic address>
        set type dynamic
        set sub-type sdn
        set sdn <ibm-connector>
        set filter <filter> <==added
    next
end

613730

Add subscription-id attribute for route table in Azure SDN configuration to allow route table updating in a different subscription.

config system sdn-connector
    edit "azsdn"
    config route-table
        edit "xxxxxxxxx-rtb1"
            set subscription-id "xxxxxxxxxxxxxxx" <==added
            set resource-group "xxxxxxxxx"
            config route
                edit "internal-forward"
                    set next-hop "172.28.5.4"
                next
            end
        next
    end
end

616335

For VMware NSX SDN connector, add new CLI to support vCenter credentials so FortiGate can resolve NSX-T VMs and apply an NSX automation stitch to it.

config system sdn-connector 
    edit <nsx server>
        set vcenter-server <server>
        set vcenter-username <username>
        set vcenter-password <password>
    next
end

625840

Add diagnose system top-all to show kernel process.
Previous
Next