DOCUMENT LIBRARY

FortiGate / FortiOS

FortiOS Release Notes

Home FortiGate / FortiOS 7.2.1 FortiOS Release Notes

7.2.1

Changes in CLI

Changes in CLI

Bug ID	Description
750230	Add support for up to 30 virtual clusters (previously, only two were supported). The `vcluster2` and `config secondary-vcluster` settings have bee replaced. config system ha set vcluster-status enable config vcluster edit <id> ... next end end
773524	Add option to configure whether the banned IP list persists through a power cycle. config firewall global set banned-ip-persistency {disabled \| permanent-only \| all} end The `diagnose user quarantine <parameter>` command has changed to `diagnose user banned-ip <parameter>`.
789554	Consolidate the FGSP settings by moving the previous `config system cluster-sync` settings into a subtable under `config system standalone-cluster`. Old syntax: config system cluster-sync edit <id> set peervd <VDOM> set peerip <address> set syncvd <VDOM> config session-sync-filter ... end next end New syntax: config system standalone-cluster config cluster-peer edit <id> set peervd <VDOM> set peerip <address> set syncvd <VDOM> config session-sync-filter ... end next end end
795943	NetFlow collector and source IPs can be configured as an IPv4 or IPv6 address. This is supported in VDOM mode within global and VDOM configurations. config system netflow set collector-ip <IPv4/IPv6_adddress> set source-ip <IPv4/IPv6_adddress> end
798305	For non-hyperscale VDOMs, extend the maximum PBA timeout to 86400 seconds (3 - 86400, default = 30): config firewall ippool edit <name> set pba-timeout <integer> next end For CGNAT cases, extending the PBA timeout allows PBA logs to be generated less frequently on the FortiGate.
799832	For `webhook`, `aws-lambda`, `azure-function`, `google-cloud-function`, and `alicloud-function` automation actions, change the `headers` attribute to a `http-headers` configurable subtable (instead of a `PARSE_F_MEMBER` attribute) so the subtable entries are a key-value pair that can be variable sized strings. config system automation-action edit <name> set action-type {webhook \| aws-lambda \| azure-function \| google-cloud-function \| alicloud-function} config http-headers edit 1 set key <string> set value <string> next edit 2 set key <string> set value <string> next end next end
801707	Remove the `ike-monitor`, `ike-monitor-interval`, `ike-heartbeat-interval`, and `ike-use-rfc6311` settings from `config system cluster-sync`.
816604	Remove the `purge` command under `endpoint-control fctems`.

Previous

Next

Changes in CLI

Changes in CLI

Bug ID	Description
750230	Add support for up to 30 virtual clusters (previously, only two were supported). The `vcluster2` and `config secondary-vcluster` settings have bee replaced. config system ha set vcluster-status enable config vcluster edit <id> ... next end end
773524	Add option to configure whether the banned IP list persists through a power cycle. config firewall global set banned-ip-persistency {disabled \| permanent-only \| all} end The `diagnose user quarantine <parameter>` command has changed to `diagnose user banned-ip <parameter>`.
789554	Consolidate the FGSP settings by moving the previous `config system cluster-sync` settings into a subtable under `config system standalone-cluster`. Old syntax: config system cluster-sync edit <id> set peervd <VDOM> set peerip <address> set syncvd <VDOM> config session-sync-filter ... end next end New syntax: config system standalone-cluster config cluster-peer edit <id> set peervd <VDOM> set peerip <address> set syncvd <VDOM> config session-sync-filter ... end next end end
795943	NetFlow collector and source IPs can be configured as an IPv4 or IPv6 address. This is supported in VDOM mode within global and VDOM configurations. config system netflow set collector-ip <IPv4/IPv6_adddress> set source-ip <IPv4/IPv6_adddress> end
798305	For non-hyperscale VDOMs, extend the maximum PBA timeout to 86400 seconds (3 - 86400, default = 30): config firewall ippool edit <name> set pba-timeout <integer> next end For CGNAT cases, extending the PBA timeout allows PBA logs to be generated less frequently on the FortiGate.
799832	For `webhook`, `aws-lambda`, `azure-function`, `google-cloud-function`, and `alicloud-function` automation actions, change the `headers` attribute to a `http-headers` configurable subtable (instead of a `PARSE_F_MEMBER` attribute) so the subtable entries are a key-value pair that can be variable sized strings. config system automation-action edit <name> set action-type {webhook \| aws-lambda \| azure-function \| google-cloud-function \| alicloud-function} config http-headers edit 1 set key <string> set value <string> next edit 2 set key <string> set value <string> next end next end
801707	Remove the `ike-monitor`, `ike-monitor-interval`, `ike-heartbeat-interval`, and `ike-use-rfc6311` settings from `config system cluster-sync`.
816604	Remove the `purge` command under `endpoint-control fctems`.

Previous

Next