Changes in default behavior

Bug ID

Description

689737

Prior to this enhancement, individual applications could be selected in SD-WAN rules by default. Upon upgrade, the GUI functionality remains available if applications were already configured in SD-WAN rules before upgrading. Otherwise, by default, individual applications and application groups cannot be selected in SD-WAN rules.

To enable in the GUI:

  1. Go to System > Feature Visibility.
  2. In the Additional Features section, enable Application Detection Based SD-WAN.
  3. Click Apply.

To enable in the CLI:

config system global
    set gui-app-detection-sdwan enable
end

761565

The encryption and decryption method for backup files is changed to AES-GCM. A backup configuration file encrypted with the new algorithm in 7.2.1 cannot be restored on FortiGates running FortiOS 7.2.0 and earlier.

771952

The 15-day evaluation period for a FortiGate VM is replaced with a permanent evaluation VM license. When spinning up a new FortiGate VM, the user will have a choice of logging in to FortiCare to activate the VM trial or to upload a full license. Each FortiCare account is entitled to one evaluation VM license.

Limitations of the evaluation VM license include:

  • There is only support for low encryption operation, except for GUI management access and FortiManager communications.
  • There is a maximum of one CPU and 2 GB of memory.
  • There is a maximum of three interfaces, firewall policies, and routes.
  • There is no FortiCare support.

The evaluation VM license is applicable to all private cloud (VMware ESXi, KVM, and so on) and all BYOL public cloud instances.

773165

By default on a new deployment, the FortiGate will use the certificate named Fortinet_GUI_Server for HTTPS administrative access. This certificate is generated and signed by the built-in Fortinet_CA_SSL certificate, which dynamically updates the SAN field of the Fortinet_GUI_Server certificate with IP addresses of all interfaces enabled for HTTPS. After installing the Fortinet_CA_SSL CA certificate on a PC, administrators can access the FortiGate GUI through a browser without any warnings.

783487

Prior to 7.2.1, after an HA failover due to memory utilization, the original primary device would not fail back to the primary role after its memory usage dropped below the threshold. Starting in 7.2.1, the original primary device fails back to the primary role once its memory usage drops below the threshold.

796546

Loopback interfaces are no longer allowed to be configured as gateway interfaces on static routes. Upon upgrade, static route configurations with loopbacks as gateway interfaces will be removed.

Affected use case: a loopback interface may be used in a static route so that the route can be advertised by BGP using network or redistribute static. This scenario can no longer be configured.

Workaround: instead of creating a static route using a loopback interface, create a black hole route for the same destination. Then, advertise the network in BGP using network or redistribute static.
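Because the upgrade removes affected static routes, it helps to find them in a configuration backup beforehand. The following pre-upgrade check is an added example, not Fortinet code; it assumes an unencrypted, single-VDOM backup in the usual `config` / `edit` / `set` / `next` / `end` layout, and the sample configuration is constructed.

```python
import shlex

def parse_entries(text, section):
    """Return {edit_name: {key: [values]}} for one top-level 'config <section>' block."""
    entries, stack, current = {}, [], None
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw.strip())
        except ValueError:        # multi-line quoted values (certificates, etc.)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            if stack:
                stack.pop()
        elif stack == [section]:  # ignore nested config blocks inside an edit
            if tok[0] == "edit" and len(tok) > 1:
                current = entries.setdefault(tok[1], {})
            elif tok[0] == "next":
                current = None
            elif tok[0] == "set" and current is not None and len(tok) > 1:
                current[tok[1]] = tok[2:]
    return entries

def loopback_static_routes(text):
    """List (route_id, device, dst) for static routes whose device is a loopback."""
    ifaces = parse_entries(text, "system interface")
    loopbacks = {n for n, s in ifaces.items() if s.get("type") == ["loopback"]}
    hits = []
    for rid, s in parse_entries(text, "router static").items():
        dev = (s.get("device") or [None])[0]
        if dev in loopbacks:
            hits.append((rid, dev, " ".join(s.get("dst", []))))
    return hits

# Constructed sample backup, not taken from a real device.
SAMPLE = '''
config system interface
    edit "lo0"
        set ip 10.255.0.1 255.255.255.255
        set type loopback
        config ipv6
            set ip6-address 2001:db8::1/128
        end
    next
    edit "port1"
        set type physical
    next
end
config router static
    edit 1
        set dst 10.10.0.0 255.255.0.0
        set device "lo0"
    next
    edit 2
        set gateway 192.0.2.1
        set device "port1"
    next
    edit 3
        set dst 10.20.0.0 255.255.0.0
        set blackhole enable
    next
end
'''

if __name__ == "__main__":
    for rid, dev, dst in loopback_static_routes(SAMPLE):
        print(f"static route {rid}: dst {dst} via loopback {dev} will be removed on upgrade")
```

Each route reported is a candidate for the black hole route workaround described above.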

802757

To allow unlicensed FortiGate VMs to be managed by FortiManager, FortiOS enables high encryption on the FGFM protocol for a secure connection between the FortiGate and FortiManager. Once the FortiGate VMs are added to the device manager, FortiManager can install VM licenses on them.
