Changes in CLI

Bug ID

Description

729063

Change ZTNA firewall vip6 option from arp-reply to ndp-reply.

config firewall vip6
    edit "test"
        set mappedip <IPv6_address>
        set ndp-reply {enable | disable}
    next
end

751715

Add command that allows users to switch between high-speed modem (USB 2.0, option 0) and super-speed modem (USB 3.0, option 1) operation mode.

# execute lte-modem set-usb-mode {0 | 1}

775793

Add shaping-stats option under config system npu to enable/disable NP7 traffic shaping statistics.

config system npu
    set shaping-stats {enable | disable}
end

785866

Add command to collect FortiLink-related data in the FortiGate debug report.

# diagnose debug fortilink-report {all | switch-id | switch-group}

796366

Add syslog-affinity option to set the CPU mask for syslogd and its child process.

config system global
    set syslog-affinity <string>
end

797620

Add cert-probe-failure option to allow/block the SSL-SSH profile deep inspection based on the certificate probe failure.

config firewall ssl-ssh-profile
    edit <name>
        config ssl
            set inspect-all deep-inspection
            set cert-probe-failure {allow | block}
        end
    next
end

815333

Add option for the unknown ESP packets detection feature (default = enable).

config system settings
    set detect-unknown-esp {enable | disable}
end

818061

Add diagnostic command to show the statistics of the SD-WAN peer's remote health checks.

# diagnose system sdwan health-check remote <name> <seq_num>

823811

Add srcaddr6/dstaddr6 negate option in security policy configuration.

config firewall security-policy
    edit <id>
        set dstaddr6-negate {enable | disable}
        set srcaddr6-negate {enable | disable}
    next
end

825479

Add restart option in the execute federated-upgrade command, which adds the ability to fail the multi-version upgrade in the event of a syntax error during the upgrade, and allows users to restart the currently configured upgrade through the CLI.

826036

Move unknown-content-encoding option from antivirus profile to firewall profile-protocol-options.

config firewall profile-protocol-options
    edit <name>
        config http
            set unknown-content-encoding {block | inspect | bypass}
        end
    next
end

836650

Add interface-subnet-usage option under config system global to enable/disable interface subnet usage.

config system global
    set interface-subnet-usage {disable | enable}
end
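
After an upgrade it is useful to confirm how the inspection-related options listed above are set in a configuration backup. The following is an added example, not Fortinet code: it walks the config/edit/set nesting of a backup and reports where cert-probe-failure, detect-unknown-esp, or unknown-content-encoding carries the value chosen for review. The flagged values, the function name, and the sample configuration are assumptions of this example.

```python
import shlex

# Options introduced on this page, mapped to the value this example flags.
# Which value counts as "worth reviewing" is this example's assumption.
WATCH = {
    "cert-probe-failure": "allow",
    "detect-unknown-esp": "disable",
    "unknown-content-encoding": "bypass",
}

def audit(config_text):
    """Walk config/edit/set nesting and return (path, option, value) findings."""
    stack, findings = [], []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw.strip())
        except ValueError:          # unbalanced quote, e.g. a multi-line value
            tokens = raw.split()
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            stack.append(" ".join(tokens))
        elif keyword in ("end", "next"):
            if stack:
                stack.pop()
        elif keyword == "set" and len(tokens) >= 3:
            if WATCH.get(tokens[1]) == tokens[2]:
                findings.append((" > ".join(stack), tokens[1], tokens[2]))
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system settings
    set detect-unknown-esp disable
end
config firewall ssl-ssh-profile
    edit "deep-custom"
        config ssl
            set inspect-all deep-inspection
            set cert-probe-failure allow
        end
    next
end
"""

if __name__ == "__main__":
    for path, opt, val in audit(SAMPLE):
        print(f"{path}: {opt} = {val}")
```
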