Fortinet black logo

FortiOS Release Notes

Home FortiGate / FortiOS 7.0.2 FortiOS Release Notes

Changes in default behavior

7.0.2
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
Copy Link
Copy Doc ID 381bf3e5-2ba6-11ec-8c53-00505692583a:230510
Download PDF

Changes in default behavior

Bug ID

Description

537354

Interface egress shaping offload to NPU when shaping-offload is enabled.

728234

ZTNA configurations no longer require a firewall policy to forward traffic to the access proxy VIP. This is implicitly generated based on the ZTNA rule configuration.

Changes:

  • Firewall policies no longer have the ZTNA toggle for switching between Full ZTNA and IP/MAC filtering.
  • To perform IP/MAC filtering with ZTNA tags, assign tags under IP/MAC Based Access Control in a firewall policy.
  • ZTNA rules must include a source interface.

Upgrading:

  • If an access-proxy type proxy-policy does not have a srcintf, then after upgrading it will be set to any.

  • To display the srcintf as any in the GUI, System > Feature Visibility should have Multiple Interface Policies enabled.

  • All full ZTNA firewall policies will be automatically removed.

729879

When FIPS-CC mode is enabled, subject-match can now be configured. The default value is no longer superset, so it keeps the current setting.
Previous
Next

Changes in default behavior

Bug ID

Description

537354

Interface egress shaping offload to NPU when shaping-offload is enabled.

728234

ZTNA configurations no longer require a firewall policy to forward traffic to the access proxy VIP. This is implicitly generated based on the ZTNA rule configuration.

Changes:

  • Firewall policies no longer have the ZTNA toggle for switching between Full ZTNA and IP/MAC filtering.
  • To perform IP/MAC filtering with ZTNA tags, assign tags under IP/MAC Based Access Control in a firewall policy.
  • ZTNA rules must include a source interface.

Upgrading:

  • If an access-proxy type proxy-policy does not have a srcintf, then after upgrading it will be set to any.

  • To display the srcintf as any in the GUI, System > Feature Visibility should have Multiple Interface Policies enabled.

  • All full ZTNA firewall policies will be automatically removed.

729879

When FIPS-CC mode is enabled, subject-match can now be configured. The default value is no longer superset, so it keeps the current setting.
Previous
Next