Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiOS Release Notes

Changes in CLI

Bug ID

Description

550819

Rewrite RDP and VNC handling.

The following commands have been added:

  • Add color depth under VNC bookmark entry.
    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype vnc
                            set color-depth {32 | 16 | 8}
                            set logon-user <string>
                        next
                    end
                next
            end
        next
    end
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype vnc
                set color-depth {32 | 16 | 8}
                set logon-user <string>
            next
        end
    end
  • Add color depth, restricted administrator, send pre-connection ID, and keyboard layout under RDP bookmark entry.
    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype rdp
                            set color-depth {32 | 16 | 8}
                            set restricted-admin {enable | disable}
                            set send-preconnection-id {enable | disable}
                            set keyboard-layout <option>
                        next
                    end
                next
            end
        next
    end
    
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype rdp
                set color-depth {32 | 16 | 8}
                set restricted-admin {enable | disable}
                set send-preconnection-id {enable | disable}
                set keyboard-layout <option>
            next
        end
    end
  • Add web mode RDP and VNC clipboard control.
    config vpn ssl web portal
        edit <name>
            set clipboard {enable | disable}
        next
    end

The following commands have changed:

  • Change maximum value for pre-connection ID under all RDP bookmark entries.

    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype rdp
                            set preconnection-id <integer, 0 - 4294967295>
                        next
                    end
                next
            end
        next
    end 
    
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype rdp
                set preconnection-id <integer, 0 - 4294967295>
            next
        end
    end

The following commands have been removed:

  • Remove server-layout attribute under all RDP bookmark entries.
  • Remove unsupported application types (citrix and portforward) from all bookmark entries for allow-user-access attribute.
  • Remove diagnose app guacd debug command.

645241

Remove prp-port-out and prp-port-in settings from system npu and replace with the following:

config system npu setting prp
    set prp-port-in port-list
    set prp-port-out port-list
end

688989

Change username-case-sensitivity option to username-sensitivity. This new option includes both case sensitivity and accent sensitivity. When disabled, both case and accents are ignored when comparing names during matching:

config user local
    edit <name>
        set username-sensitivity {enable | disable}
    next
end

693347

Restrict IPv6 pools address and IPv6 split tunneling routing address to be IP mask or range type only so SSL VPN can support EMS tag dynamic addresses:

config vpn ssl web portal
    edit <name>
        set ipv6-pools <address>
        set ipv6-split-tunneling-routing-address <address>
    next
end

Changes in CLI

Bug ID

Description

550819

Rewrite RDP and VNC handling.

The following commands have been added:

  • Add color depth under VNC bookmark entry.
    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype vnc
                            set color-depth {32 | 16 | 8}
                            set logon-user <string>
                        next
                    end
                next
            end
        next
    end
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype vnc
                set color-depth {32 | 16 | 8}
                set logon-user <string>
            next
        end
    end
  • Add color depth, restricted administrator, send pre-connection ID, and keyboard layout under RDP bookmark entry.
    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype rdp
                            set color-depth {32 | 16 | 8}
                            set restricted-admin {enable | disable}
                            set send-preconnection-id {enable | disable}
                            set keyboard-layout <option>
                        next
                    end
                next
            end
        next
    end
    
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype rdp
                set color-depth {32 | 16 | 8}
                set restricted-admin {enable | disable}
                set send-preconnection-id {enable | disable}
                set keyboard-layout <option>
            next
        end
    end
  • Add web mode RDP and VNC clipboard control.
    config vpn ssl web portal
        edit <name>
            set clipboard {enable | disable}
        next
    end

The following commands have changed:

  • Change maximum value for pre-connection ID under all RDP bookmark entries.

    config vpn ssl web portal
        edit <name>
            config bookmark-group
                edit <name>
                    config bookmarks
                        edit <name>
                            set apptype rdp
                            set preconnection-id <integer, 0 - 4294967295>
                        next
                    end
                next
            end
        next
    end 
    
    config vpn ssl web {user-group-bookmark user-bookmark}
        config bookmarks
            edit <name>
                set apptype rdp
                set preconnection-id <integer, 0 - 4294967295>
            next
        end
    end

The following commands have been removed:

  • Remove server-layout attribute under all RDP bookmark entries.
  • Remove unsupported application types (citrix and portforward) from all bookmark entries for allow-user-access attribute.
  • Remove diagnose app guacd debug command.

645241

Remove prp-port-out and prp-port-in settings from system npu and replace with the following:

config system npu setting prp
    set prp-port-in port-list
    set prp-port-out port-list
end

688989

Change username-case-sensitivity option to username-sensitivity. This new option includes both case sensitivity and accent sensitivity. When disabled, both case and accents are ignored when comparing names during matching:

config user local
    edit <name>
        set username-sensitivity {enable | disable}
    next
end

693347

Restrict IPv6 pools address and IPv6 split tunneling routing address to be IP mask or range type only so SSL VPN can support EMS tag dynamic addresses:

config vpn ssl web portal
    edit <name>
        set ipv6-pools <address>
        set ipv6-split-tunneling-routing-address <address>
    next
end