Fortinet black logo

FortiOS Release Notes

Home FortiGate / FortiOS 7.0.6 FortiOS Release Notes
7.0.6
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2

Changes in CLI

Changes in CLI

Bug ID

Description

757450

Add web-mode-snat setting in config vpn ssl settings to enable/disable the use of IP pools defined in a firewall policy while using web mode. This setting is disabled by default.

config vpn ssl settings
    set web-mode-snat {enable | disable}
end

When enabled, the IP pools should be added as secondary IPs in the SSL VPN interface.

773698

On FortiGates that support hyperscale firewall features, the following command has been changed to allow using a link aggregation group (LAG) as the HA hardware session synchronization interface.

config system ha
    set hw-session-sync-dev <interface>
end

The LAG members can be any data interfaces that can be used as hardware session synchronization interfaces and can be added to LAGs. Limitations vary among FortiGate models. For example, the FG-1800F and FG-1801F can only use port25 to port40 interfaces as hardware session synchronization interfaces. On the FG-4200F, FG-4201F, FG-4400F, and FG-4401F HA1, HA2, AUX1, and AUX2 interfaces cannot be added to a LAG.

774154

Add auth-timeout setting in config wireless-controller timers to configure the waiting time after which a wireless client is considered to fail RADIUS authentication and times out (in seconds, 5 - 30, default = 5).

config wireless-controller timers
    set auth-timeout <integer>
end

799832

For webhook, aws-lambda, azure-function, google-cloud-function, and alicloud-function automation actions, change the headers attribute to a http-headers configurable subtable (instead of a PARSE_F_MEMBER attribute) so the subtable entries are a key-value pair that can be variable sized strings.

config system automation-action
    edit <name>
        set action-type {webhook | aws-lambda | azure-function | google-cloud-function | alicloud-function}
        config http-headers
            edit 1
                set key <string>
                set value <string>
            next
            edit 2
                set key <string>
                set value <string>
            next
        end
    next
end

807523

Add nat46-force-ipv4-packet-forwarding setting in config system npu to enable or disable mandatory IPv4 packet forwarding when the IPv4 DF is set to 1.

config system npu
    set nat46-force-ipv4-packet-forwarding enable
end
Previous
Next

Changes in CLI

Bug ID

Description

757450

Add web-mode-snat setting in config vpn ssl settings to enable/disable the use of IP pools defined in a firewall policy while using web mode. This setting is disabled by default.

config vpn ssl settings
    set web-mode-snat {enable | disable}
end

When enabled, the IP pools should be added as secondary IPs in the SSL VPN interface.

773698

On FortiGates that support hyperscale firewall features, the following command has been changed to allow using a link aggregation group (LAG) as the HA hardware session synchronization interface.

config system ha
    set hw-session-sync-dev <interface>
end

The LAG members can be any data interfaces that can be used as hardware session synchronization interfaces and can be added to LAGs. Limitations vary among FortiGate models. For example, the FG-1800F and FG-1801F can only use port25 to port40 interfaces as hardware session synchronization interfaces. On the FG-4200F, FG-4201F, FG-4400F, and FG-4401F HA1, HA2, AUX1, and AUX2 interfaces cannot be added to a LAG.

774154

Add auth-timeout setting in config wireless-controller timers to configure the waiting time after which a wireless client is considered to fail RADIUS authentication and times out (in seconds, 5 - 30, default = 5).

config wireless-controller timers
    set auth-timeout <integer>
end

799832

For webhook, aws-lambda, azure-function, google-cloud-function, and alicloud-function automation actions, change the headers attribute to a http-headers configurable subtable (instead of a PARSE_F_MEMBER attribute) so the subtable entries are a key-value pair that can be variable sized strings.

config system automation-action
    edit <name>
        set action-type {webhook | aws-lambda | azure-function | google-cloud-function | alicloud-function}
        config http-headers
            edit 1
                set key <string>
                set value <string>
            next
            edit 2
                set key <string>
                set value <string>
            next
        end
    next
end

807523

Add nat46-force-ipv4-packet-forwarding setting in config system npu to enable or disable mandatory IPv4 packet forwarding when the IPv4 DF is set to 1.

config system npu
    set nat46-force-ipv4-packet-forwarding enable
end
Previous
Next