Changes in default behavior

Bug ID

Description

780568

Introduce CLI/WAD learn check for the same url-map among HTTPS, TCP forwarding, and SAML SP API gateway entities.

Before this change, the same url-map was allowed with different services. After this change, API gateways with the same url-map are not allowed under the same host (including empty vhosts).

If a url-map is already configured in an existing API gateway under a given vhost, no further API gateways with the same url-map can be added under that vhost. Users will get an error message stating that this action is not allowed.

798427

The following enhancements have been added to the Top FortiSandbox Files FortiView monitor:

  • PDF reports are downloaded on-demand. By default, only 10 are kept in memory.
  • PDFs are deleted from memory after 24 hours.

819937

For new firewall policies with a deny action, set match-vip is enabled by default. When upgrading from a previous version, existing policy settings for match-vip are preserved.

829458

Remove the allow-quic option from the options setting under config application list. The QUIC option is also removed from the Application Sensor configuration page in the GUI. Since HTTP3 over QUIC is fully supported by FortiOS, blocking QUIC by default in the application control profile is no longer necessary.

829544

Remove the maintainer account (which allowed users to log in through the console after a hard reboot). Users who lose their password must have physical access to the FortiGate and perform a TFTP restore of the firmware in order to regain access to the FortiGate.

837048

In the following scenarios, creating a matching address object for an interface is enabled automatically and cannot be disabled:

  • When creating a new interface with the LAN role.
  • When an interface role is changed from a non-LAN role to a LAN role.

Once the address object is created, it cannot be deleted unless the interface role is changed to a non-LAN role.
