
New features or enhancements

More detailed information is available in the New Features Guide.

Bug ID

Description

658206

The new REST API POST /api/v2/monitor/vpn/ike/clear?mkey=<gateway_name> brings down the IKE SA tunnel the same way as the CLI command diagnose vpn ike gateway clear.

660596

Because pre-standard POE devices are uncommon in the field, poe-pre-standard-detection is set to disable by default. Upgrading from previous builds will carry forward the configured value.

661105

By using session-sync-dev to offload session synchronization processing to the kernel (with various optimizations), four-member FGSP session synchronization can be supported to handle heavy loads.

667285

When configuring a NAC policy, it is sometimes useful to manually specify a MAC address to match the device. Wildcards in the MAC address are supported by specifying the * character.

673371

Support ICMP type 13 at local interface.

676484

When configuring the generic DDNS service provider as a DDNS server, the server type and address type can be set to IPv6. This allows the FortiGate to connect to an IPv6 DDNS server and provide the FortiGate's IPv6 interface address for updates.

config system ddns
    edit <name>
        set ddns-server genericDDNS
        set server-type {ipv4 | ipv6}
        set ddns-server-addr <address>
        set addr-type {ipv4 | ipv6}
        set monitor-interface <port>
    next
end

677334

Add support for macOS Big Sur 11.1 in the SSL VPN OS check.

677684

In a hub and spoke SD-WAN topology with shortcuts created over ADVPN, a downed or recovered shortcut may affect which member is selected by an SD-WAN service strategy. The SD-WAN hold-down-time ensures that when a downed shortcut tunnel comes back up and the shortcut is added back into the service strategy equation, the shortcut is held to low priority until the hold-down-time has passed.

680599

Increase the ICMP rate limit to allow the FortiGate to send more ICMP error messages per second. The ICMP rate limit has changed from 1 second (100 jiffies) to 10 milliseconds (1 jiffy).

690179

The SD-WAN REST API for health check and SLA log now exposes ADVPN shortcut information in its result. The child_intf attribute returns the statistics for the corresponding shortcuts. A CLI command is also added to display real-time SLA information for ADVPN shortcuts.

# diagnose sys sdwan sla-log <health check name> <sequence number> <child name>

691411

Ensure EMS logs are recorded for dynamic address related events under Log & Report > Events > SDN Connector Events logs:

  • Add EMS tag

  • Update EMS tag

  • Remove EMS tag

697675

Increase the maximum number of managed FortiSwitches from 8 to 16.
