DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
New Features
Overview
GUI
Dashboards and widgets
FortiView application bandwidth widget
SSL-VPN and IPsec monitor improvements
DNS status widget 7.0.2
Add real-time FortiView monitors for proxy traffic 7.0.4
General usability enhancements
New themes and CLI console enhancements
Add options for API Preview, Edit in CLI, and References
GUI usability enhancements
Seven-day rolling counter for policy hit counters
FortiGate administrator log in using FortiCloud single sign-on
Navigation menu updates
UX improvements for objects
Interface migration wizard
GUI-based global search 7.0.1
Export firewall policy list to CSV and JSON formats 7.0.2
GUI support for configuration save mode 7.0.2
GUI support for DSL settings 7.0.4
Automatically enable FortiCloud single sign-on after product registration 7.0.4
Process monitor 7.0.4
Loading artifacts from a CDN for improved GUI performance 7.0.4
Security Fabric
Fabric settings
Security Fabric support in multi-VDOM environments
Enhance Security Fabric configuration for FortiSandbox Cloud
FortiWeb integration
Show detailed user information about clients connected over a VPN through EMS
Add FortiDeceptor as a Security Fabric device
Add FortiAI as a Security Fabric device
Improve communication performance between EMS and FortiGate with WebSockets
Simplify EMS pairing with Security Fabric so one approval is needed for all devices
FortiTester as a Security Fabric device 7.0.1
Simplify Fabric approval workflow for FortiAnalyzer 7.0.1
Allow deep inspection certificates to be synchronized to EMS and distributed to FortiClient 7.0.1
Asset Identity Center page 7.0.2
Fabric Management page 7.0.2
Add FortiMonitor as a Security Fabric device 7.0.2
Display EMS ZTNA and endpoint tags in user widgets and Asset Identity Center 7.0.4
Replace FSSO-based FortiNAC tag connector with REST API 7.0.4
Add WebSocket for Security Fabric events 7.0.4
Enhance Fabric Management page 7.0.4
FortiGate Cloud logging in the Security Fabric 7.0.4
Add support for multitenant FortiClient EMS deployments 7.0.8
Rename FortiAI to FortiNDR 7.0.8
Allow FortiClient EMS connectors to trust EMS server certificate renewals based on the CN field 7.0.11
Validating FortiManager’s certificate before connection 7.0.15
External connectors
Threat feed connectors per VDOM
Nutanix connector
STIX format for external threat feeds 7.0.2
Automation stitches
Automation workflow improvements
Microsoft Teams Notification action
Replacement messages for email alerts
Fabric connector event trigger
Security ratings
Security Rating overlays
Add test to check for two-factor authentication
Add test to check for activated FortiCloud services
Add tests for high priority vulnerabilities 7.0.1
Add FortiGuard outbreak alerts category 7.0.4
Network
SD-WAN
Usability enhancements to SD-WAN Network Monitor service
Hold down time to support SD-WAN service strategies
Passive WAN health measurement
SD-WAN passive health check configurable on GUI 7.0.1
ECMP support for the longest match in SD-WAN rule matching 7.0.1
Override quality comparisons in SD-WAN longest match rule matching 7.0.1
Specify an SD-WAN zone in static routes and SD-WAN rules 7.0.1
Display ADVPN shortcut information in the GUI 7.0.1
Speed tests run from the hub to the spokes in dial-up IPsec tunnels 7.0.1
Interface based QoS on individual child tunnels based on speed test results 7.0.1
Passive health-check measurement by internet service and application 7.0.2
Adaptive Forward Error Correction 7.0.2
General
Summarize source IP usage on the Local Out Routing page
Add option to select source interface and address for Telnet and SSH
ECMP routes for recursive BGP next hop resolution
BGP next hop recursive resolution using other BGP routes
Add SNMP OIDs for shaping-related statistics
PRP handling in NAT mode with virtual wire pair
NetFlow on FortiExtender and tunnel interfaces
Integration with carrier CPE management tools
Use file filter rules in sniffer policy
Explicit mode with DoT and DoH
GUI advanced routing options for BGP
GUI page for OSPF settings
GUI routing monitor for BGP and OSPF
OSPF HMAC-SHA authentication 7.0.1
BGP conditional advertisement for IPv6 7.0.1
Enable or disable updating policy routes when link health monitor fails 7.0.1
Add weight setting on each link health monitor server 7.0.1
Enhanced hashing for LAG member selection 7.0.1
Add GPS coordinates to REST API monitor output for FortiExtender and LTE modems 7.0.2
BGP error handling per RFC 7606 7.0.2
Configure IPAM locally on the FortiGate 7.0.2
Use DNS over TLS for default FortiGuard DNS servers 7.0.4
Accept multiple conditions in BGP conditional advertisements 7.0.4
Enhanced BGP next hop updates and ADVPN shortcut override 7.0.4
Allow per-prefix network import checking in BGP 7.0.4
Support QinQ 802.1Q in 802.1Q for FortiGate VMs 7.0.4
Allow only supported FEC implementations on 10G, 25G, 40G, and 100G interfaces 7.0.4
Support 802.1X on virtual switch for certain NP6 platforms 7.0.6
SNMP OIDs for port block allocations IP pool statistics 7.0.6
Support cross-VRF local-in and local-out traffic for local services 7.0.6
BFD for multihop path for BGP 7.0.6
IPv6
Configuring IPv6 multicast policies in the GUI
GUI support for configuring IPv6
FortiGate as an IPv6 DDNS client for generic DDNS
FortiGate as an IPv6 DDNS client for FortiGuard DDNS
Allow backup and restore commands to use IPv6 addresses
VRF support for IPv6 7.0.1
IPv6 tunnel inherits MTU based on physical interface 7.0.2
Web proxy
Explicit proxy authentication over HTTPS
Selectively forward web requests to a transparent web proxy
mTLS client certificate authentication 7.0.1
WAN optimization SSL proxy chaining 7.0.1
Support CORS protocol in explicit web proxy when using session-based, cookie-enabled, and captive portal-enabled SAML authentication 7.0.6
System
General
Allow administrators to define password policy with minimum character change
Enhance host protection engine
ACME certificate support
SFTP configuration backup 7.0.1
Promote FortiCare registration 7.0.1
Add monitoring API to retrieve LTE modem statistics from 3G and 4G FortiGates 7.0.1
Add USB support for FortiExplorer Android 7.0.1
Warnings for unsigned firmware 7.0.2
Enabling individual ciphers in the SSH administrative access protocol 7.0.2
ECDSA in SSH administrative access 7.0.2
Clear multiple sessions with REST API 7.0.2
Disable weak ciphers in the HTTPS protocol 7.0.2
Extend dedicated management CPU feature to 1U and desktop models 7.0.2
Local certificate wizard 7.0.2
Introduce maturity firmware levels 7.0.6
Central management configuration preservation for factory reset on FortiGate 7.0.6
Improve admin-restrict-local handling of multiple authentication servers 7.0.8
Command to compute file hashes 7.0.13
High availability
Optimizing FGSP session synchronization and redundancy
Layer 3 unicast standalone configuration synchronization between peers
Improved link monitoring and HA failover time
HA monitor shows tables that are out of synchronization
HA failover due to memory utilization
IKE monitor for FGSP
Resume IPS scanning of ICCP traffic after HA failover 7.0.1
Extended HA VMAC address range 7.0.2
Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology 7.0.6
Optimized FGSP peer communication 7.0.6
FGSP per-tunnel failover for IPsec 7.0.8
FGCP over FGSP per-tunnel failover for IPsec 7.0.8
Allow IPsec DPD in FGSP members to support failovers 7.0.8
FortiGuard
Immediate download update option
Add option to automatically update schedule frequency
Update OUI files from FortiGuard
Use only EU servers for FortiGuard updates 7.0.2
FDS-only ISDB package in firmware images 7.0.4
Security
Enhance BIOS-level signature and file integrity checking 7.0.12
Real-time file system integrity checking 7.0.12
Enhance file integrity check to perform verification during system bootup 7.0.15
Enhance real-time file system integrity checking 7.0.15
Policy and Objects
Zero Trust Network Access
Zero Trust Network Access introduction
Basic ZTNA configuration
Establish device identity and trust context with FortiClient EMS
SSL certificate based authentication
ZTNA configuration examples
ZTNA HTTPS access proxy example
ZTNA HTTPS access proxy with basic authentication example
ZTNA TCP forwarding access proxy example
ZTNA proxy access with SAML authentication example
ZTNA IP MAC filtering example
ZTNA TCP forwarding access proxy without encryption example 7.0.1
ZTNA IPv6 examples 7.0.1
ZTNA SSH access proxy example 7.0.1
Migrating from SSL VPN to ZTNA HTTPS access proxy
ZTNA troubleshooting and debugging
ZTNA logging enhancements 7.0.1
Logical AND for ZTNA tag matching 7.0.2
Implicitly generate a firewall policy for a ZTNA rule 7.0.2
Posture check verification for active ZTNA proxy session 7.0.2
GUI support for multiple ZTNA features 7.0.2
Increase ZTNA and EMS tag limits 7.0.4
Use FQDN with ZTNA TCP forwarding access proxy 7.0.4
UTM scanning on TCP forwarding access proxy traffic 7.0.4
Connect a ZTNA access proxy to an SSL VPN web portal 7.0.4
ZTNA FortiView and log enhancements 7.0.4
ZTNA session-based form authentication 7.0.4
Using the IP pool or client IP address in a ZTNA connection to backend servers 7.0.6
NGFW
Filters for application control groups in NGFW mode
Policies
DNS health check monitor for server load balancing
Carrier-grade NAT
Allow multiple virtual wire pairs in a virtual wire pair policy
Simplify NAT46 and NAT64 policy and routing configurations 7.0.1
Cisco Security Group Tag as policy matching criteria 7.0.1
Objects
Record central NAT and DNAT hit count
MAC address wildcard in firewall address
Allow VIPs to be enabled or disabled in central NAT mode 7.0.1
Security profiles
Antivirus
Stream-based antivirus scan in proxy mode for FTP, SFTP, and SCP
Configure threat feed and outbreak prevention without AV engine scan
AI-based malware detection
Malware threat feed from EMS
FortiAI inline blocking and integration with an AV profile 7.0.1
Application control
Application signature dissector for DNP3
Web filter
FortiGuard web filter categories to block child sexual abuse and terrorism
Enhance web filter antiphishing profile
Add categories for URL shortening, crypto mining, and potentially unwanted programs 7.0.2
IPS
Highlight on hold IPS signatures
Extend SCTP filtering capabilities 7.0.1
Support full extended IPS database for CP9 models and slim extended database for other physical models 7.0.6
Support full extended IPS database for FortiGate VMs with eight cores or more 7.0.11
SSL/SSH inspection
HTTP/2 support in proxy mode SSL inspection
Define multiple certificates in an SSL profile in replace mode
Others
Support secure ICAP clients
Add TCP connection pool for connections to ICAP server
Improve WAD traffic dispatcher
Video filtering
DNS filter handled by IPS engine in flow mode
DNS inspection with DoT and DoH
Flow-based SIP inspection
Scanning MSRP traffic 7.0.2
Allow the YouTube channel override action to take precedence 7.0.6
VPN
IPsec and SSL VPN
Configurable IKE port
Packet distribution for aggregate dial-up IPsec tunnels
IPsec global IKE embryonic limit
FortiGate as SSL VPN Client
Dual stack IPv4 and IPv6 support for SSL VPN
Disable the clipboard in SSL VPN web mode RDP connections 7.0.1
Use SSL VPN interfaces in zones 7.0.1
SSL VPN and IPsec VPN IP address assignments 7.0.1
Dedicated tunnel ID for IPsec tunnels 7.0.1
Allow customization of RDP display size for SSL VPN web mode 7.0.4
IPsec support for round robin and RPS distribution 7.0.8
Restriction and validation of HTTP messages 7.0.15
User and authentication
Authentication
Integrate user information from EMS connector and Exchange connector in the user store
SAML authentication in a proxy policy
Improve FortiToken Cloud visibility 7.0.1
Use a browser as an external user-agent for SAML authentication in an SSL VPN connection 7.0.1
Add configurable FSSO timeout when connection to collector agent fails 7.0.1
Track users in each Active Directory LDAP group 7.0.2
Configuring SAML SSO in the GUI 7.0.2
Migrating FortiToken Mobile users from FortiOS to FortiToken Cloud 7.0.4
Synchronizing LDAP Active Directory users to FortiToken Cloud using the group filter 7.0.6
Secure access
Wireless
Configure Agile Multiband Operation
Captive portal authentication when bridged via software switch
DHCP address enforcement
Increase maximum number of supported VLANs
Add RADIUS MAC delimiter options
Radio transmit power range in dBm
Station mode on FortiAP radios to initiate tests against other APs
AP operating temperature 7.0.1
Allow indoor and outdoor flags to be overridden 7.0.1
DNS configuration for local standalone NAT VAPs 7.0.1
Backward compatibility with FortiAP models that uses weaker ciphers 7.0.1
Disable console access on managed FortiAP devices 7.0.1
Captive portal authentication in service assurance management (SAM) mode 7.0.1
Support CAPWAP hitless failover using FGCP 7.0.1
Provide LBS station information with REST API 7.0.2
Allow users to select individual security profiles in bridged SSID 7.0.2
Wireless client MAC authentication and MPSK returned through RADIUS 7.0.2
FQDN for FortiPresence server IP address in FortiAP profiles 7.0.2
Wi-Fi Alliance Hotspot 2.0 Release 3 support 7.0.2
Automatic BSS coloring 7.0.2
Configure 802.11ax MCS rates 7.0.2
Syslog profile to send logs to the syslog server 7.0.4
Support Dynamic VLAN assignment by Name Tag 7.0.4
DAARP to consider full channel bandwidth in channel selection 7.0.4
Support multiple DARRP profiles and per profile optimize schedule 7.0.4
Support WPA3 on FortiWiFi F-series models 7.0.4
Support advertising vendor specific element in beacon frames 7.0.4
Support 802.1X supplicant on LAN 7.0.4
GUI support for Wireless client MAC authentication and MPSK returned through RADIUS 7.0.4
GUI enhancements to distinguish UTM capable FortiAP models 7.0.4
Upgrade FortiAP firmware on authorization 7.0.4
Wireless Authentication using SAML Credentials 7.0.5
Add profile support for FortiAP G-series models supporting WiFi 6E Tri-band and Dual 5 GHz modes 7.0.8
Switch controller
Forward error correction settings on switch ports
Cancel pending or downloading FortiSwitch upgrades
Automatic provisioning of FortiSwitch firmware upon authorization
Additional FortiSwitch recommendations in Security Rating
PoE pre-standard detection disabled by default
Cloud icon indicates that the FortiSwitch unit is managed over layer 3
GUI support for viewing and configuring shared FortiSwitch ports
Ability to re-order FortiSwitch units in the Topology view 7.0.1
Support of the DHCP server access list 7.0.1
SNMP OIDs added for switch statistics and port status 7.0.1
Display port properties of managed FortiSwitch units 7.0.1
IGMP-snooping querier and per-VLAN IGMP-snooping proxy configuration 7.0.2
Managing DSL transceivers (FN-TRAN-DSL) 7.0.2
One-time automatic upgrade to the latest FortiSwitch firmware 7.0.4
Support hardware vendor matching in dynamic port policies 7.0.4
Configure the frequency of IGMP queries 7.0.8
NAC
FortiSwitch NAC VLANs widget
Use wildcards in a MAC address in a NAC policy
FortiGate NAC engine optimization
Wireless NAC support
Dynamic port profiles for FortiSwitch ports
GUI updates for the switch controller
Support dynamic firewall addresses in NAC policies 7.0.1
NAC LAN segments 7.0.1
Specify FortiSwitch groups in NAC policies 7.0.2
FortiExtender
Introduce LAN extension mode for FortiExtender 7.0.2
Using the backhaul IP when the FortiGate access controller is behind NAT 7.0.2
Bandwidth limits on the FortiExtender Thin Edge 7.0.2
IPAM in FortiExtender LAN extension mode 7.0.4
FortiExtender LAN extension in public cloud FGT-VM 7.0.4
Log and report
Logging
Add logs for the execution of CLI commands
Logging IP address threat feeds in sniffer mode
Enhance TLS logging 7.0.1
Generate unique user name for anonymized logs 7.0.2
Support TACACS+ accounting 7.0.2
Add dstuser field to UTM logs 7.0.2
Log REST API events 7.0.4
Cloud
Public and private cloud
Collect only node IP addresses with K8s SDN connectors
Unicast HA on IBM VPC Cloud
Update AliCloud SDN connector to support Kubernetes filters
Synchronize wildcard FQDN resolved addresses to autoscale peers
Obtain FortiCare-generated license and certificates for GCP PAYG instances
FortiGate VM on KVM running ARM processors 7.0.1
Support MIME multipart bootstrapping on KVM with config drive 7.0.1
Support GCP gVNIC interface 7.0.1
FIPS cipher mode for OCI and GCP FortiGate VMs 7.0.1
SD-WAN transit routing with Google Network Connectivity Center 7.0.1
Support C5d instance type for AWS Outposts 7.0.1
FGSP session sync on FortiGate-VMs on Azure with autoscaling enabled 7.0.1
FortiFlex token and bootstrap configuration file fields in custom OVF template 7.0.2
Subscription-based VDOM license for FortiGate-VM S-series 7.0.2
Isolate CPUs used by DPDK engine 7.0.2
AWS STS in AWS SDN connector 7.0.4
Multitenancy support with AWS GWLB enhancement 7.0.4
ATP bundle addition for S-series 7.0.4
FortiCarrier upgrade license for FortiGate-VM S-series 7.0.4
Injecting FortiFlex license via web proxy 7.0.4
c6i instance support on AWS 7.0.4
FortiGate-VM OVF package update 7.0.4
Support c6g instances on AWS 7.0.6
Support Graviton c7g and c6gn instance types on AWS 7.0.8
Support Ampere A1 Compute instances on OCI 7.0.8
Add TPM support for FortiGate-VM 7.0.8
FortiOS Carrier
Index
Change Log
Home
FortiGate / FortiOS 7.0.0
New Features
7.0.0
7.6.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
NAC
NAC
This section includes information about NAC related new features:
FortiSwitch NAC VLANs widget
Use wildcards in a MAC address in a NAC policy
FortiGate NAC engine optimization
Wireless NAC support
Dynamic port profiles for FortiSwitch ports
GUI updates for the switch controller
Support dynamic firewall addresses in NAC policies 7.0.1
NAC LAN segments 7.0.1
Specify FortiSwitch groups in NAC policies 7.0.2
Previous
Next
NAC
NAC
This section includes information about NAC related new features:
FortiSwitch NAC VLANs widget
Use wildcards in a MAC address in a NAC policy
FortiGate NAC engine optimization
Wireless NAC support
Dynamic port profiles for FortiSwitch ports
GUI updates for the switch controller
Support dynamic firewall addresses in NAC policies 7.0.1
NAC LAN segments 7.0.1
Specify FortiSwitch groups in NAC policies 7.0.2
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Overview
GUI
Dashboards and widgets
FortiView application bandwidth widget
SSL-VPN and IPsec monitor improvements
DNS status widget 7.0.2
Add real-time FortiView monitors for proxy traffic 7.0.4
General usability enhancements
New themes and CLI console enhancements
Add options for API Preview, Edit in CLI, and References
GUI usability enhancements
Seven-day rolling counter for policy hit counters
FortiGate administrator log in using FortiCloud single sign-on
Navigation menu updates
UX improvements for objects
Interface migration wizard
GUI-based global search 7.0.1
Export firewall policy list to CSV and JSON formats 7.0.2
GUI support for configuration save mode 7.0.2
GUI support for DSL settings 7.0.4
Automatically enable FortiCloud single sign-on after product registration 7.0.4
Process monitor 7.0.4
Loading artifacts from a CDN for improved GUI performance 7.0.4
Security Fabric
Fabric settings
Security Fabric support in multi-VDOM environments
Enhance Security Fabric configuration for FortiSandbox Cloud
FortiWeb integration
Show detailed user information about clients connected over a VPN through EMS
Add FortiDeceptor as a Security Fabric device
Add FortiAI as a Security Fabric device
Improve communication performance between EMS and FortiGate with WebSockets
Simplify EMS pairing with Security Fabric so one approval is needed for all devices
FortiTester as a Security Fabric device 7.0.1
Simplify Fabric approval workflow for FortiAnalyzer 7.0.1
Allow deep inspection certificates to be synchronized to EMS and distributed to FortiClient 7.0.1
Asset Identity Center page 7.0.2
Fabric Management page 7.0.2
Add FortiMonitor as a Security Fabric device 7.0.2
Display EMS ZTNA and endpoint tags in user widgets and Asset Identity Center 7.0.4
Replace FSSO-based FortiNAC tag connector with REST API 7.0.4
Add WebSocket for Security Fabric events 7.0.4
Enhance Fabric Management page 7.0.4
FortiGate Cloud logging in the Security Fabric 7.0.4
Add support for multitenant FortiClient EMS deployments 7.0.8
Rename FortiAI to FortiNDR 7.0.8
Allow FortiClient EMS connectors to trust EMS server certificate renewals based on the CN field 7.0.11
Validating FortiManager’s certificate before connection 7.0.15
External connectors
Threat feed connectors per VDOM
Nutanix connector
STIX format for external threat feeds 7.0.2
Automation stitches
Automation workflow improvements
Microsoft Teams Notification action
Replacement messages for email alerts
Fabric connector event trigger
Security ratings
Security Rating overlays
Add test to check for two-factor authentication
Add test to check for activated FortiCloud services
Add tests for high priority vulnerabilities 7.0.1
Add FortiGuard outbreak alerts category 7.0.4
Network
SD-WAN
Usability enhancements to SD-WAN Network Monitor service
Hold down time to support SD-WAN service strategies
Passive WAN health measurement
SD-WAN passive health check configurable on GUI 7.0.1
ECMP support for the longest match in SD-WAN rule matching 7.0.1
Override quality comparisons in SD-WAN longest match rule matching 7.0.1
Specify an SD-WAN zone in static routes and SD-WAN rules 7.0.1
Display ADVPN shortcut information in the GUI 7.0.1
Speed tests run from the hub to the spokes in dial-up IPsec tunnels 7.0.1
Interface based QoS on individual child tunnels based on speed test results 7.0.1
Passive health-check measurement by internet service and application 7.0.2
Adaptive Forward Error Correction 7.0.2
General
Summarize source IP usage on the Local Out Routing page
Add option to select source interface and address for Telnet and SSH
ECMP routes for recursive BGP next hop resolution
BGP next hop recursive resolution using other BGP routes
Add SNMP OIDs for shaping-related statistics
PRP handling in NAT mode with virtual wire pair
NetFlow on FortiExtender and tunnel interfaces
Integration with carrier CPE management tools
Use file filter rules in sniffer policy
Explicit mode with DoT and DoH
GUI advanced routing options for BGP
GUI page for OSPF settings
GUI routing monitor for BGP and OSPF
OSPF HMAC-SHA authentication 7.0.1
BGP conditional advertisement for IPv6 7.0.1
Enable or disable updating policy routes when link health monitor fails 7.0.1
Add weight setting on each link health monitor server 7.0.1
Enhanced hashing for LAG member selection 7.0.1
Add GPS coordinates to REST API monitor output for FortiExtender and LTE modems 7.0.2
BGP error handling per RFC 7606 7.0.2
Configure IPAM locally on the FortiGate 7.0.2
Use DNS over TLS for default FortiGuard DNS servers 7.0.4
Accept multiple conditions in BGP conditional advertisements 7.0.4
Enhanced BGP next hop updates and ADVPN shortcut override 7.0.4
Allow per-prefix network import checking in BGP 7.0.4
Support QinQ 802.1Q in 802.1Q for FortiGate VMs 7.0.4
Allow only supported FEC implementations on 10G, 25G, 40G, and 100G interfaces 7.0.4
Support 802.1X on virtual switch for certain NP6 platforms 7.0.6
SNMP OIDs for port block allocations IP pool statistics 7.0.6
Support cross-VRF local-in and local-out traffic for local services 7.0.6
BFD for multihop path for BGP 7.0.6
IPv6
Configuring IPv6 multicast policies in the GUI
GUI support for configuring IPv6
FortiGate as an IPv6 DDNS client for generic DDNS
FortiGate as an IPv6 DDNS client for FortiGuard DDNS
Allow backup and restore commands to use IPv6 addresses
VRF support for IPv6 7.0.1
IPv6 tunnel inherits MTU based on physical interface 7.0.2
Web proxy
Explicit proxy authentication over HTTPS
Selectively forward web requests to a transparent web proxy
mTLS client certificate authentication 7.0.1
WAN optimization SSL proxy chaining 7.0.1
Support CORS protocol in explicit web proxy when using session-based, cookie-enabled, and captive portal-enabled SAML authentication 7.0.6
System
General
Allow administrators to define password policy with minimum character change
Enhance host protection engine
ACME certificate support
SFTP configuration backup 7.0.1
Promote FortiCare registration 7.0.1
Add monitoring API to retrieve LTE modem statistics from 3G and 4G FortiGates 7.0.1
Add USB support for FortiExplorer Android 7.0.1
Warnings for unsigned firmware 7.0.2
Enabling individual ciphers in the SSH administrative access protocol 7.0.2
ECDSA in SSH administrative access 7.0.2
Clear multiple sessions with REST API 7.0.2
Disable weak ciphers in the HTTPS protocol 7.0.2
Extend dedicated management CPU feature to 1U and desktop models 7.0.2
Local certificate wizard 7.0.2
Introduce maturity firmware levels 7.0.6
Central management configuration preservation for factory reset on FortiGate 7.0.6
Improve admin-restrict-local handling of multiple authentication servers 7.0.8
Command to compute file hashes 7.0.13
High availability
Optimizing FGSP session synchronization and redundancy
Layer 3 unicast standalone configuration synchronization between peers
Improved link monitoring and HA failover time
HA monitor shows tables that are out of synchronization
HA failover due to memory utilization
IKE monitor for FGSP
Resume IPS scanning of ICCP traffic after HA failover 7.0.1
Extended HA VMAC address range 7.0.2
Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology 7.0.6
Optimized FGSP peer communication 7.0.6
FGSP per-tunnel failover for IPsec 7.0.8
FGCP over FGSP per-tunnel failover for IPsec 7.0.8
Allow IPsec DPD in FGSP members to support failovers 7.0.8
FortiGuard
Immediate download update option
Add option to automatically update schedule frequency
Update OUI files from FortiGuard
Use only EU servers for FortiGuard updates 7.0.2
FDS-only ISDB package in firmware images 7.0.4
Security
Enhance BIOS-level signature and file integrity checking 7.0.12
Real-time file system integrity checking 7.0.12
Enhance file integrity check to perform verification during system bootup 7.0.15
Enhance real-time file system integrity checking 7.0.15
Policy and Objects
Zero Trust Network Access
Zero Trust Network Access introduction
Basic ZTNA configuration
Establish device identity and trust context with FortiClient EMS
SSL certificate based authentication
ZTNA configuration examples
ZTNA HTTPS access proxy example
ZTNA HTTPS access proxy with basic authentication example
ZTNA TCP forwarding access proxy example
ZTNA proxy access with SAML authentication example
ZTNA IP MAC filtering example
ZTNA TCP forwarding access proxy without encryption example 7.0.1
ZTNA IPv6 examples 7.0.1
ZTNA SSH access proxy example 7.0.1
Migrating from SSL VPN to ZTNA HTTPS access proxy
ZTNA troubleshooting and debugging
ZTNA logging enhancements 7.0.1
Logical AND for ZTNA tag matching 7.0.2
Implicitly generate a firewall policy for a ZTNA rule 7.0.2
Posture check verification for active ZTNA proxy session 7.0.2
GUI support for multiple ZTNA features 7.0.2
Increase ZTNA and EMS tag limits 7.0.4
Use FQDN with ZTNA TCP forwarding access proxy 7.0.4
UTM scanning on TCP forwarding access proxy traffic 7.0.4
Connect a ZTNA access proxy to an SSL VPN web portal 7.0.4
ZTNA FortiView and log enhancements 7.0.4
ZTNA session-based form authentication 7.0.4
Using the IP pool or client IP address in a ZTNA connection to backend servers 7.0.6
NGFW
Filters for application control groups in NGFW mode
Policies
DNS health check monitor for server load balancing
Carrier-grade NAT
Allow multiple virtual wire pairs in a virtual wire pair policy
Simplify NAT46 and NAT64 policy and routing configurations 7.0.1
Cisco Security Group Tag as policy matching criteria 7.0.1
Objects
Record central NAT and DNAT hit count
MAC address wildcard in firewall address
Allow VIPs to be enabled or disabled in central NAT mode 7.0.1
Security profiles
Antivirus
Stream-based antivirus scan in proxy mode for FTP, SFTP, and SCP
Configure threat feed and outbreak prevention without AV engine scan
AI-based malware detection
Malware threat feed from EMS
FortiAI inline blocking and integration with an AV profile 7.0.1
Application control
Application signature dissector for DNP3
Web filter
FortiGuard web filter categories to block child sexual abuse and terrorism
Enhance web filter antiphishing profile
Add categories for URL shortening, crypto mining, and potentially unwanted programs 7.0.2
IPS
Highlight on hold IPS signatures
Extend SCTP filtering capabilities 7.0.1
Support full extended IPS database for CP9 models and slim extended database for other physical models 7.0.6
Support full extended IPS database for FortiGate VMs with eight cores or more 7.0.11
SSL/SSH inspection
HTTP/2 support in proxy mode SSL inspection
Define multiple certificates in an SSL profile in replace mode
Others
Support secure ICAP clients
Add TCP connection pool for connections to ICAP server
Improve WAD traffic dispatcher
Video filtering
DNS filter handled by IPS engine in flow mode
DNS inspection with DoT and DoH
Flow-based SIP inspection
Scanning MSRP traffic 7.0.2
Allow the YouTube channel override action to take precedence 7.0.6
VPN
IPsec and SSL VPN
Configurable IKE port
Packet distribution for aggregate dial-up IPsec tunnels
IPsec global IKE embryonic limit
FortiGate as SSL VPN Client
Dual stack IPv4 and IPv6 support for SSL VPN
Disable the clipboard in SSL VPN web mode RDP connections 7.0.1
Use SSL VPN interfaces in zones 7.0.1
SSL VPN and IPsec VPN IP address assignments 7.0.1
Dedicated tunnel ID for IPsec tunnels 7.0.1
Allow customization of RDP display size for SSL VPN web mode 7.0.4
IPsec support for round robin and RPS distribution 7.0.8
Restriction and validation of HTTP messages 7.0.15
User and authentication
Authentication
Integrate user information from EMS connector and Exchange connector in the user store
SAML authentication in a proxy policy
Improve FortiToken Cloud visibility 7.0.1
Use a browser as an external user-agent for SAML authentication in an SSL VPN connection 7.0.1
Add configurable FSSO timeout when connection to collector agent fails 7.0.1
Track users in each Active Directory LDAP group 7.0.2
Configuring SAML SSO in the GUI 7.0.2
Migrating FortiToken Mobile users from FortiOS to FortiToken Cloud 7.0.4
Synchronizing LDAP Active Directory users to FortiToken Cloud using the group filter 7.0.6
Secure access
Wireless
Configure Agile Multiband Operation
Captive portal authentication when bridged via software switch
DHCP address enforcement
Increase maximum number of supported VLANs
Add RADIUS MAC delimiter options
Radio transmit power range in dBm
Station mode on FortiAP radios to initiate tests against other APs
AP operating temperature 7.0.1
Allow indoor and outdoor flags to be overridden 7.0.1
DNS configuration for local standalone NAT VAPs 7.0.1
Backward compatibility with FortiAP models that uses weaker ciphers 7.0.1
Disable console access on managed FortiAP devices 7.0.1
Captive portal authentication in service assurance management (SAM) mode 7.0.1
Support CAPWAP hitless failover using FGCP 7.0.1
Provide LBS station information with REST API 7.0.2
Allow users to select individual security profiles in bridged SSID 7.0.2
Wireless client MAC authentication and MPSK returned through RADIUS 7.0.2
FQDN for FortiPresence server IP address in FortiAP profiles 7.0.2
Wi-Fi Alliance Hotspot 2.0 Release 3 support 7.0.2
Automatic BSS coloring 7.0.2
Configure 802.11ax MCS rates 7.0.2
Syslog profile to send logs to the syslog server 7.0.4
Support Dynamic VLAN assignment by Name Tag 7.0.4
DAARP to consider full channel bandwidth in channel selection 7.0.4
Support multiple DARRP profiles and per profile optimize schedule 7.0.4
Support WPA3 on FortiWiFi F-series models 7.0.4
Support advertising vendor specific element in beacon frames 7.0.4
Support 802.1X supplicant on LAN 7.0.4
GUI support for Wireless client MAC authentication and MPSK returned through RADIUS 7.0.4
GUI enhancements to distinguish UTM capable FortiAP models 7.0.4
Upgrade FortiAP firmware on authorization 7.0.4
Wireless Authentication using SAML Credentials 7.0.5
Add profile support for FortiAP G-series models supporting WiFi 6E Tri-band and Dual 5 GHz modes 7.0.8
Switch controller
Forward error correction settings on switch ports
Cancel pending or downloading FortiSwitch upgrades
Automatic provisioning of FortiSwitch firmware upon authorization
Additional FortiSwitch recommendations in Security Rating
PoE pre-standard detection disabled by default
Cloud icon indicates that the FortiSwitch unit is managed over layer 3
GUI support for viewing and configuring shared FortiSwitch ports
Ability to re-order FortiSwitch units in the Topology view 7.0.1
Support of the DHCP server access list 7.0.1
SNMP OIDs added for switch statistics and port status 7.0.1
Display port properties of managed FortiSwitch units 7.0.1
IGMP-snooping querier and per-VLAN IGMP-snooping proxy configuration 7.0.2
Managing DSL transceivers (FN-TRAN-DSL) 7.0.2
One-time automatic upgrade to the latest FortiSwitch firmware 7.0.4
Support hardware vendor matching in dynamic port policies 7.0.4
Configure the frequency of IGMP queries 7.0.8
NAC
FortiSwitch NAC VLANs widget
Use wildcards in a MAC address in a NAC policy
FortiGate NAC engine optimization
Wireless NAC support
Dynamic port profiles for FortiSwitch ports
GUI updates for the switch controller
Support dynamic firewall addresses in NAC policies 7.0.1
NAC LAN segments 7.0.1
Specify FortiSwitch groups in NAC policies 7.0.2
FortiExtender
Introduce LAN extension mode for FortiExtender 7.0.2
Using the backhaul IP when the FortiGate access controller is behind NAT 7.0.2
Bandwidth limits on the FortiExtender Thin Edge 7.0.2
IPAM in FortiExtender LAN extension mode 7.0.4
FortiExtender LAN extension in public cloud FGT-VM 7.0.4
Log and report
Logging
Add logs for the execution of CLI commands
Logging IP address threat feeds in sniffer mode
Enhance TLS logging 7.0.1
Generate unique user name for anonymized logs 7.0.2
Support TACACS+ accounting 7.0.2
Add dstuser field to UTM logs 7.0.2
Log REST API events 7.0.4
Cloud
Public and private cloud
Collect only node IP addresses with K8s SDN connectors
Unicast HA on IBM VPC Cloud
Update AliCloud SDN connector to support Kubernetes filters
Synchronize wildcard FQDN resolved addresses to autoscale peers
Obtain FortiCare-generated license and certificates for GCP PAYG instances
FortiGate VM on KVM running ARM processors 7.0.1
Support MIME multipart bootstrapping on KVM with config drive 7.0.1
Support GCP gVNIC interface 7.0.1
FIPS cipher mode for OCI and GCP FortiGate VMs 7.0.1
SD-WAN transit routing with Google Network Connectivity Center 7.0.1
Support C5d instance type for AWS Outposts 7.0.1
FGSP session sync on FortiGate-VMs on Azure with autoscaling enabled 7.0.1
FortiFlex token and bootstrap configuration file fields in custom OVF template 7.0.2
Subscription-based VDOM license for FortiGate-VM S-series 7.0.2
Isolate CPUs used by DPDK engine 7.0.2
AWS STS in AWS SDN connector 7.0.4
Multitenancy support with AWS GWLB enhancement 7.0.4
ATP bundle addition for S-series 7.0.4
FortiCarrier upgrade license for FortiGate-VM S-series 7.0.4
Injecting FortiFlex license via web proxy 7.0.4
c6i instance support on AWS 7.0.4
FortiGate-VM OVF package update 7.0.4
Support c6g instances on AWS 7.0.6
Support Graviton c7g and c6gn instance types on AWS 7.0.8
Support Ampere A1 Compute instances on OCI 7.0.8
Add TPM support for FortiGate-VM 7.0.8
FortiOS Carrier
Index
Change Log