New features or enhancements
More detailed information is available in the New Features Guide.
Bug ID | Description |
---|---|
480717 | Add |
555169 | FortiToken Cloud GUI enhancements: |
556054 | With the newly-added compression methods used in the CIFS messages, FortiGates can now scan these compressed messages in proxy mode. |
562031 | Support security policy<br>`config firewall security-policy`<br>`edit <policyid>`<br>`...`<br>`set srcaddr-negate [enable\|disable]`<br>`set dstaddr-negate [enable\|disable]`<br>`...`<br>`next`<br>`end` |
573076 | FortiGate generates a UUID for every managed FortiAP (WTP entry). A new BLE profile, |
589621 | New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, users can register the device to their account and start using FortiToken and FortiGate Cloud services. |
596002 | Add two new tables to the FortiOS enterprise MIB: FgSwDeviceEntry for details about connected FortiSwitches and FgSwPortEntry for port-related information. |
596870 | Add kernel support for the IEEE 802.1ad (QinQ) standard. Previously, the 802.1Q standard allowed a single VLAN header to be inserted into an Ethernet frame. This new feature allows one more VLAN tag to be inserted into a single frame. |
597301 | Display information about autoscale members in the GUI and CLI, such as their serial number, IP address, instance ID, and transit gateway (AWS only). |
600037 | BSS coloring support on FAP-U431F/U433F (802.11ax AP). |
606167 | When the network monitor feature is enabled on the switch controller, the |
608557 | Support proxy server for push service. |
610596 | Users can define IPv6 MAC addresses and apply them in a firewall policy, virtual wire pair policy, and other policy types. |
610990 | Add IPv6 only and IPv4v6 dual stack support for GTPv1 and GTPv2 on FortiOS Carrier. |
614924 | Users can configure automation with the Quarantine via FortiNAC action when setting triggers for Compromised Host or Incoming Webhook. When the automation is triggered, the client PC will be quarantined with its MAC address disabled in the configured FortiNAC. |
617640 | Add new filter keys |
620994 | For FortiAP models with three radios, spectrum analysis can be performed on the third radio on all channels from the 2.4 GHz and 5 GHz bands. On FortiAPs with two radios operating in AP mode, spectrum analysis can be performed on operating channels. |
621714 | For the purpose of communicating timing precision between two ends, transparent clock can be enabled to measure the overall path delay. This feature allows the FortiGate to configure this setting for supported FortiSwitch models. |
621742 | Add support to configure the FortiSwitch to send multiple RADIUS attribute values within a single RADIUS access request. |
621746 | Support explicit congestion notification (ECN) configuration for managed FortiSwitch. |
621757 | Add support to configure switch ports to enable inter-operability with rapid PVST+ on managed FortiSwitches. |
622291 | Health metrics calculations are standardized in the backend, and consistent colors are used to represent good, fair, and poor metrics. In addition, the health data is now available through a REST API. |
623821 | For WiFi clients associated with a bridge SSID on a FortiAP that is connected to an Ethernet interface of a FortiGate, the DHCP Monitor widget can indicate the AP bridge and the SSID name in the Interface column of those clients' IP leases. In the CLI,<br>`config wireless-controller vap`<br>`edit VAP01`<br>`set dhcp-option43-insertion {enable \| disable}`<br>`next`<br>`end`<br>By default, The minimum version required for FAP-U is 6.0.3. The minimum version required for FAP-W2 is 6.4.1. |
629530 | Support running BYOL FortiGate VMs on IBM Cloud platform. |
630238 | Allow configuration of up to 16 FGSP standalone peers in |
630881 | Various new scenarios are added in Security Rating to test the FortiSwitch network and make recommendations to optimize the setup. |
631818 | Add new OIDs to support SNMP queries for IPv4 and IPv6 IPsec tunnels, and SNMP queries for license details. |
635717 | Monitoring FortiAP antenna (per Rx chain) status and logging wireless events upon antenna defect detection. |
635795 | The ARRP profile improves upon DARRP by enabling more factors to be considered for optimizing channel selection among FortiAPs. |
637508 | Add CLI commands to improve WAD debugging. |
637829 | Support adding FortiMail to the Security Fabric with standard authorization steps using FortiMail's certificate. As part of the Security Fabric, FortiMail appears in the Fabric navigation, topologies, Fabric widgets and under Security Rating. |
637946 | Replace previous slide-out terminal with a full page masking terminal. Allow admins to open multiple CLI consoles that can be minimized. |
638975 | SD-WAN and policy route now allow users to choose the device MAC address object as source. In addition, the FABRIC_DEVICE object can also be used in SD-WAN and policy route. |
639590 | In NGFW mode, application control logs will be generated when an application, application category, or application group is selected on a security policy and log traffic is set to UTM or all. In addition, when one signature is accepted under the security policy, all child signatures are assessed and logged correspondingly. |
640563 | The default command to restrict FortiLink interfaces to one interface has been removed. The GUI will now display multiple FortiLink interfaces if more than one interface has FortiLink enabled from the CLI. |
641152 | New bandwidth-limited VM licenses allow VM deployments with limited bandwidth usage per interface. Dedicated management interfaces are exempt from calculation. |
641928 | Add an option to control whether BGP's ECMP next hops can use recursive distance to determine which of them should be installed.<br>`config router bgp`<br>`set multipath-recursive-distance {enable \| disable}`<br>`end`<br>If the next hop is resolved by a connected route, its distance will be 0. If it is resolved by another route, its distance will be the same as that route. Only the shortest next hop can form ECMP routes and be installed into the kernel when this option is enabled. |
641990 | The |
642898 | The following options are configurable in the flow-based web filter security profile in NGFW policy mode, and they can be applied to a security policy: |
643616 | Support FortiAP to query FortiGuard IoT service through FortiGate to determine device details. |
643912 | Sometimes it is necessary to map a VIP to an FQDN address. This setting can now be configured from the GUI. |
644049 | Enhancements to multiple pre-shared key per SSID include the ability to batch generate or import MPSK keys, export keys to CSV, dynamically assign VLANs based on the MPSK used, and to apply an MPSK schedule in the GUI. |
645140 | Tunnel ID is added to traffic logs and GTP logs for GTP related traffic in order to correlate the sessions. |
647550 | Add a FortiSwitch Diagnostics and Tools option in tooltips and the right-side gutter that reports the general health of the FortiSwitch, displays details about the FortiSwitch, and allows running diagnostic tests. The following can be done from the Diagnostics and Tools pane: |
648568 | In addition to servers added in 6.4.0, FortiGuard servers for GeoIP, DDNS, and FortiToken Mobile registration now support third-party CA signed certificates with OCSP stapling. |
648604 | User location information (ULI) in GTP may contain more than one identity of different types. This log enhancement displays all identity information in GTP logs. |
651206 | The GUI in the downstream FortiGate allows users to log in to the Fabric root device to authorize a pending join request. |