FortiOS Release Notes

Changes in default behavior

Bug ID

Description

718571

DHCP relay interfaces are released/initialized for added/deleted relay interfaces only. All other relay interfaces will remain unchanged.

All DHCP relay interfaces now share one socket instead of one socket per interface.

Additionally, DHCP relay now listens on the Layer 3 socket. If customers are using local-in policies to deny any/all traffic, they must create an accept policy to allow UDP/67 traffic before the deny policy, since the FortiGate will now block these packets on the Layer 3 socket.
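
The ordering requirement above can be checked offline against an exported configuration. The following Python check is an added example, not part of the release notes or any Fortinet tooling; it assumes local-in policies are evaluated in configuration order, that an entry without `set action` denies, and that the service objects named in DHCP_SERVICES cover UDP/67. The sample configuration, interface name and policy IDs are constructed.

```python
import shlex

DHCP_SERVICES = {"DHCP", "ALL", "ALL_UDP"}  # assumption: objects covering UDP/67

def parse_local_in(config_text):
    """Return local-in policy entries in configuration order."""
    policies, current, inside = [], None, False
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if tok == ["config", "firewall", "local-in-policy"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "edit":
            current = {"id": tok[1], "action": ["deny"]}  # assumed default: deny
            policies.append(current)
        elif tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
        elif tok[0] == "end":
            inside, current = False, None
    return policies

def dhcp_relay_blocked_by(policies, intf):
    """ID of the first entry that denies UDP/67 on intf, else None (addresses ignored)."""
    for p in policies:
        active = p.get("status") != ["disable"]
        on_intf = {intf, "any"} & set(p.get("intf", []))
        dhcp = DHCP_SERVICES & set(p.get("service", []))
        if active and on_intf and dhcp:
            return None if p["action"] == ["accept"] else p["id"]
    return None

# Constructed sample: accept for DHCP placed before the deny-all entry.
SAMPLE = '''config firewall local-in-policy
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "DHCP"
        set schedule "always"
    next
    edit 1
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
end'''
```

With the two entries in the opposite order, so that the deny-all entry is evaluated first, `dhcp_relay_blocked_by` returns the ID of that deny entry.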

728468

Previously, all IPs in the IP pool and VIP were considered as local IPs if arp-reply was enabled. Because of this, the new NAT46/64 IP pool and VIP implementation could not use the arp-reply option, and a special route needed to be added on neighboring devices to route traffic to the FortiGate. Now, the IP pool and VIP have been removed from the local IP list, and the arp-reply option can be used for NAT46/64 IP pool and VIP (special routes on other devices are no longer required). This is an optimization of the kernel processing flow, without any command line changes on the user side.
