Index

The following index provides a list of all new features added to FortiOS 7.2. The index allows you to quickly identify the version where the feature first became available in FortiOS.

Select a version number to navigate in the index to the new features available for that patch:

• 7.2.0

• 7.2.1

7.2.0

GUI

General usability enhancements

• Look up IP address information from the Internet Service Database page

• Embed real-time packet capture and analysis tool on Diagnostics page

• Embed real-time debug flow tool on Diagnostics page

• Display detailed FortiSandbox analysis and downloadable PDF report

Security Fabric

Fabric settings

• Automatic regional discovery for FortiSandbox Cloud

• Follow the upgrade path in a federated update

• Rename FortiAI to FortiNDR

• Register all HA members to FortiCare from the primary unit

• Remove support for Security Fabric loose pairing

• Allow FortiSwitch and FortiAP upgrade when the Security Fabric is disabled

Automation stitches

• Add new automation triggers for event logs

Network

SD-WAN

• Allow application category as an option for SD-WAN rule destination

• Add mean opinion score calculation and logging in performance SLA health checks

• Multiple members per SD-WAN neighbor configuration

• Duplication on-demand when SLAs in the configured service are matched

• SD-WAN in large scale deployments

• SD-WAN segmentation over a single overlay

General

• Add NetFlow fields to identify class of service

• OSPF graceful restart on topology change

• OSPFv3 graceful restart for OSPF6

• BFD for multihop path for BGP

• Configuring the FortiGate to act as an 802.1X supplicant

• Support 802.1X on virtual switch for certain NP6 platforms

• SNMP OIDs for port block allocations IP pool statistics

• Increase the number of VRFs per VDOM

IPv6

• Configuring IPv4 over IPv6 DS-Lite service

• NAT46 and NAT64 for SIP ALG

System

General

• Improve admin-restrict-local handling of multiple authentication servers

• Access control for SNMP based on the MIB-view and VDOM

• Backing up and restoring configuration files in YAML format

• Remove split-task VDOMs and add a new administrative VDOM type

• Introduce maturity firmware levels

High availability

• VRRP on EMAC-VLAN interfaces

• Abbreviated TLS handshake after HA failover

• HA failover support for ZTNA proxy sessions

• Add warnings when upgrading an HA cluster that is out of synchronization

• Support up to 30 virtual clusters

FortiGuard

• FDS-only ISDB package in firmware images

• Verifying and accepting signed AV and IPS packages

Policy & Objects

Zero Trust Network Access

• ZTNA scalability support for up to 50 thousand concurrent endpoints

• Using the IP pool or client IP in a ZTNA connection to backend servers

NGFW

• Allow web filter category groups to be selected in NGFW policies

• Add option to set application default port as a service port

• Introduce learn mode in security policies in NGFW mode

Policies

• Adding traffic shapers to multicast policies

• Add Policy change summary and Policy expiration to Workflow Management

Objects

• Allow empty address groups

• Remove overlap check for VIPs

Security Profiles

Antivirus

• FortiSandbox inline scanning

Web filter

• Using the Websense Integrated Services Protocol in flow mode

• Inspecting HTTP3 traffic

IPS

• IPS sensor entry filters

Others

• Add email filters for block allow lists

• Enhance the DLP backend and configurations

• Add option to disable the FortiGuard IP address rating

VPN

IPsec and SSL VPN

• Add log field to identify ADVPN shortcuts in VPN logs

• Show the SSL VPN portal login page in the browser's language

• SLA link monitoring for dynamic IPsec and SSL VPN tunnels

User & Authentication

Authentication

• RADIUS Termination-Action AVP in wired and wireless scenarios

• Improve response time for direct FSSO login REST API

• Configuring client certificate authentication on the LDAP server

• Tracking rolling historical records of LDAP user logins

• Using a comma as a group delimiter in RADIUS accounting messages

Secure Access

Wireless

• Allow pre-authorization of a FortiAP by specifying a Wildcard Serial Number

• Disable dedicated scanning on FortiAP F-Series profiles

• Improve WiFi channel selection GUI

• Support Layer 3 roaming for tunnel mode

• Report wireless client app usage for clients connected to bridge mode SSIDs

Switch Controller

• Automatic updating of the port list when switch split ports are changed

• Use wildcard serial numbers to pre-authorize FortiSwitch units

• Allow multiple managed FortiSwitch VLANs to be used in a software switch

• Allow a LAG on a FortiLink-enabled software switch

• Configure MAB reauthentication globally or locally

• Enhanced FortiSwitch Topology view

• Support dynamic discovery in FortiLink mode over a layer-3 network

• Configure flap guard through the switch controller

• Allow FortiSwitch console port login to be disabled

• Configure multiple flow-export collectors

• Enhanced FortiSwitch Ports page and Diagnostics and Tools pane

• Manage FortiSwitch units on VXLAN interfaces

• Add new FortiSwitch Clients page

NAC

• Allow the configuration of NAC LAN segments in the GUI

FortiExtender

• Allow FortiExtender to be managed and used in a non-root VDOM

Log & Report

Logging

• Add IOC detection for local out traffic

• HTTP transaction log fields

• Updated System Events log page

• New Security Events log page

• Improve FortiAnalyzer log caching

• Add FortiAnalyzer Reports page

Cloud

Public and private cloud

• Allow grace period for Flex-VM to begin passing traffic upon activation

• Azure new instance type support

• OCI X7 and X9 instance shapes

Operational Technology

GUI

• Add OT asset visibility and network topology to Asset Identity Center page

System

• Allow manual licensing for FortiGates in air-gap environments

7.2.1

Security Fabric

Fabric settings

• Add support for multitenant FortiClient EMS deployments 7.2.1

• Add IoT devices to Asset Identity Center page 7.2.1

External connectors

• SAP external connector 7.2.1
• Using the REST API to push updates to external threat feeds 7.2.1

Automation stitches

• Certificate expiration trigger 7.2.1

• System automation actions to back up, reboot, or shut down the FortiGate 7.2.1

• Enhance automation trigger to execute only once at a scheduled date and time 7.2.1

Security ratings

• Add PSIRT vulnerabilities to security ratings and notifications for critical vulnerabilities found on Fabric devices 7.2.1

Network

SD-WAN

• Embedded SD-WAN SLA information in ICMP probes 7.2.1

• Exchange underlay link cost property with remote peer in IPsec VPN phase 1 negotiation 7.2.1

• Copying the DSCP value from the session original direction to its reply direction 7.2.1

General

• GUI support for advanced BGP options 7.2.1

• Support BGP AS number input in asdot and asdot+ format 7.2.1

• SNMP OIDs with details about authenticated users 7.2.1

• Add new IPAM GUI page 7.2.1

• Assign multiple IP pools and subnets using IPAM Rules 7.2.1

• Add VCI pattern matching as a condition for IP or DHCP option assignment 7.2.1

• Support cross-VRF local-in and local-out traffic for local services 7.2.1

• FortiGate as FortiGate LAN extension 7.2.1

IPv6

• Send Netflow traffic to collector in IPv6 7.2.1

• IPv6 feature parity with IPv4 static and policy routes 7.2.1

Web proxy

• HTTPS download of PAC files for explicit proxy 7.2.1

System

General

• Restrict SSH and telnet jump host capabilities 7.2.1

• Enable automatic firmware updates 7.2.1

• Deregistration from the GUI 7.2.1

• Add government end user option for FortiCare registration 7.2.1

High availability

• Consolidate FGSP settings 7.2.1

• FGSP per-tunnel failover for IPsec 7.2.1

• FGCP over FGSP per-tunnel failover for IPsec 7.2.1

• Allow IPsec DPD in FGSP members to support failovers 7.2.1

• Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology 7.2.1

FortiGuard

• FortiManager as override server for IoT query services 7.2.1

Policy & Objects

Zero Trust Network Access

• ZTNA device certificate verification from EMS for SSL VPN connections 7.2.1

• Mapping ZTNA virtual host and TCP forwarding domains to the DNS database 7.2.1

• Publishing ZTNA services through the ZTNA portal 7.2.1

• ZTNA inline CASB for SaaS application access control 7.2.1

• ZTNA policy access control of unmanaged devices 7.2.1

Security Profiles

Antivirus

• Inline scanning with FortiGuard AI-Based Sandbox Service 7.2.1

Others

• Add persistency for banned IP list 7.2.1

• Reduce memory usage on FortiGate models with 2 GB RAM or less by not running WAD processes for unused proxy features 7.2.1

User & Authentication

Authentication

• Vendor-Specific Attributes for TACACS 7.2.1

Secure Access

Wireless

• Support enabling or disabling 802.11d 7.2.1

• Improve MAC address filtering 7.2.1

• Support Layer 3 roaming for bridge mode 7.2.1

• Redesign rate control CLI 7.2.1

• Add GUI visibility for Advanced Wireless Features 7.2.1

• Add G-series FortiAP profiles supporting WiFi 6E Tri-band and Dual 5 GHz modes 7.2.1

• WPA3 enhancements to support H2E only and SAE-PK 7.2.1

Switch Controller

• Automatic revision backup upon FortiSwitch logout or firmware upgrade 7.2.1

Log & Report

Logging

• Summary tabs on System Events and Security Events log pages 7.2.1

• Add time frame selector to log viewer pages 7.2.1

• Updating log viewer and log filters 7.2.1

Cloud

Public and private cloud

• External ID support in STS for AWS SDN connector 7.2.1

• Permanent trial mode for FortiGate-VM 7.2.1

• Allow FortiManager to apply license to a BYOL FortiGate-VM instance 7.2.1

• Enable high encryption on FGFM protocol for unlicensed FortiGate-VMs 7.2.1