DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
New Features
Overview
GUI
General usability enhancements
Updated Dashboard and FortiView
Accessing additional support resources
Run simultaneous packet captures and use the command palette
Update FortiSandbox Files FortiView monitor
Combine the Device Inventory widget and Asset Identity Center page
GUI enhancements for FortiGuard DLP service 7.4.1
FortiConverter usability improvements 7.4.1
Update FortiGuard License Information widget 7.4.1
Optimize policy and objects pages and dialogs 7.4.2
Indicate Special Technical Support builds 7.4.2
Network
General
Using MP-BGP EVPN with VXLAN
Add route tag address objects
Configuring a DHCP shared subnet
Configuring DHCP smart relay on interfaces with a secondary IP
Improve DVLAN QinQ performance for NP7 platforms over virtual wire pairs
Active SIM card switching available on FortiGates with cellular modem and dual SIM card support
LAG interface status signaled to peer when available links fall below min-link
Configuring multiple DDNS entries in the GUI
Support DHCP client mode for inter-VDOM links 7.4.1
Configuring FortiGate LAN extension the GUI 7.4.1
Transparent conditional DNS forwarder 7.4.1
IPAM enhancements 7.4.1
DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes 7.4.1
Enhancement to QUIC and HTTP3 inspection 7.4.1
Interfaces in non-management VDOMs as the source IP address of the DNS conditional forwarding server 7.4.1
FortiGate 3G4G: improved dual SIM card switching capabilities 7.4.1
Cellular interface of FortiGate-40F-3G4G supports IPv6 7.4.1
Connectivity Fault Management supported for network troubleshooting 7.4.1
Support LTE / BLE airplane mode for FGR-70F-3G4G 7.4.1
BGP incorporates the advanced security measures of TCP Authentication Option (TCP-AO) 7.4.2
Allow multiple sFlow collectors 7.4.2
Support BGP graceful restart helper-only mode 7.4.2
Support for LAN extension VDOM simplifications 7.4.2
Allow multiple Netflow collectors 7.4.2
Enhance port-level control for STP and 802.1x authentication 7.4.2
Allow backup customization for DHCP leases during power cycles 7.4.4
Assign multiple remote Autonomous Systems to a single BGP neighbor group 7.4.4
Upgrade LTE modem firmware directly from FortiGuard 7.4.4
Support RADIUS Vendor-Specific Attributes for captive portal redirects 7.4.4
GUI support for DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes 7.4.4
Store packet capture criteria 7.4.4
Handling IPv4 SCTP packets with zero checksum on the NP7 platform 7.4.4
Support for inspection of 802.1ah packet headers in virtual wire pairs 7.4.5
IPv6
BGP conditional advertisements for IPv6 prefix when IPv4 prefix conditions are met and vice-versa
Explicit and transparent proxy
Changing the FTP mode from active to passive for explicit proxy
Configuring a secure explicit proxy
Explicit proxy logging enhancements
Support the Happy Eyeballs algorithm for explicit proxy 7.4.1
Support webpages to properly display CORS content in an explicit proxy environment 7.4.1
Forward HTTPS requests to a web server without the need for an HTTP CONNECT message 7.4.1
Support web proxy forward server over IPv6 7.4.1
SD-WAN
Overlays and underlays
Using a single IKE elector in ADVPN to match all SD-WAN control plane traffic
Improve client-side settings for SD-WAN network monitor 7.4.1
Support the new SD-WAN Overlay-as-a-Service 7.4.1
IPv6 support for SD-WAN segmentation over a single overlay 7.4.2
SD-WAN hub and spoke speed test improvements 7.4.2
ADVPN 2.0 edge discovery and path management 7.4.2
Support an OaaS agent for uninterrupted spoke traffic 7.4.4
Routing
Add option to keep sessions in established ADVPN shortcuts while they remain in SLA
Allow better control over the source IP used by each egress interface for local out traffic
SD-WAN multi-PoP multi-hub large scale design and failover 7.4.1
Active dynamic BGP neighbor triggered by ADVPN shortcut 7.4.1
Performance SLA
Logging FortiMonitor-detected performance metrics
Classifying SLA probes for traffic prioritization
VRF-aware SD-WAN IPv6 health checks
Support maximize bandwidth (SLA) to load balance spoke-to-spoke traffic between multiple ADVPN shortcuts
Support HTTPS performance SLA health checks 7.4.1
Service rules
Support IPv6 application based steering in SD-WAN
Allow SD-WAN to steer multicast traffic
Using load balancing in a manual SD-WAN rule without configuring an SLA target 7.4.1
Policy and objects
NGFW
Add scanunit support for learning mode
Support dynamic Fabric address in security policies 7.4.1
Policies
Support destination port matching of central SNAT rules
Support the Port Control Protocol
Improve the performance of the GUI policy list
Process Ethernet frames with Cisco Security Group Tag and VLAN tag
Support port block allocation for NAT64
Support refreshing active sessions for specific protocols and port ranges per VDOM in a specified direction 7.4.1
Update policy lookup tool with policy match tool 7.4.1
Policy list enhancements 7.4.1
Unified Policy name and ID column 7.4.1
Support IPS inspection for multicast UDP traffic 7.4.2
Optimize virtual patching on the local-in interface 7.4.2
Enhanced logging for NAT persistent sessions utilizing PBA 7.4.4
Unified policy name and ID column 7.4.4
Fine-tuning source port behavior for SNAT 7.4.4
Objects
Increase the number of supported dynamic FSSO IP addresses
Internet service as source addresses in the local-in policy 7.4.4
Traffic shaping
Traffic shaping extensions
DSCP marking for self-generated traffic 7.4.4
Protocol options
Stripping the X-Forwarded-For value in the HTTP header 7.4.2
Zero Trust Network Access
General
Introduce new ZTNA replacement message types 7.4.1
Condense ZTNA server mapping configurations 7.4.2
Introduce Fabric integration with FortiGSLB 7.4.2
Tags and EMS connectors
Support logical AND for tag matching between primary and secondary EMS tags in a firewall policy
Support sending the FortiGate interface subnet list to EMS
Add the Any and All options back for security posture tags in the GUI 7.4.2
Rename ZTNA Tag to Security Posture Tag in the GUI 7.4.2
ZTNA policies
Introduce simplified ZTNA rules within firewall policies
Application gateway
Dynamic interface IP addresses for access proxy VIPs 7.4.5
Security posture and EMS connector
Share ZTNA application configurations with FortiClient EMS 7.4.4
Security profiles
Antivirus
Download quarantined files in archive format 7.4.1
Support XLSB, OpenOffice, and RTF files for CDR in antivirus profiles 7.4.4
Web filter
Add FortiGuard web filter categories for AI and cryptocurrency 7.4.1
Support Punycode encoding for the url and hostname fields in flow inspection logs 7.4.2
Search engine support extended to flow-based web filter profiles 7.4.4
IPS
Support full extended IPS database for FortiGate VMs with eight cores or more
Support Diameter protocol inspection on the FortiGate 7.4.2
Virtual patching
Support OT and IoT virtual patching on NAC policies
Virtual patching profile 7.4.1
Improve visibility of OT vulnerabilities and virtual patching signatures 7.4.2
Others
Improve replacement message displayed in blocked videos
Introduce SIP IPS profile as a complement to SIP ALG
Add inline CASB security profile 7.4.1
Support domain name in XFF with ICAP 7.4.1
Enhance the video filter profile with a new level of customization and control 7.4.2
Enhancements to data loss prevention (DLP) 7.4.2
GUI support for exact data match (EDM) for data loss prevention 7.4.4
Control TLS connections that utilize Encrypted Client Hello 7.4.4
Proxy-related features no longer supported on FortiGate 2 GB RAM models 7.4.4
Support the Zstandard compression algorithm for web content 7.4.5
VPN
IPsec and SSL VPN
Update the SSL VPN web portal layout using Neutrino
Improve the styling of the SSL VPN landing page
Allow SSL VPN login to be redirected to a custom landing page
IPsec SA key retrieval from a KMS server using KMIP
Add user group information to the SSL-VPN monitor
IPsec IKE load balancing based on FortiSASE account information
Adjust DTLS heartbeat parameter for SSL VPN
SAML-based authentication for FortiClient remote access dialup IPsec VPN clients
Multiple interface monitoring for IPsec 7.4.1
Update SSL VPN default behavior and visibility in the GUI 7.4.1
Securely exchange serial numbers between FortiGates connected with IPsec VPN 7.4.1
IPsec split DNS 7.4.1
Support IPsec tunnel to change names 7.4.2
Encapsulate ESP packets within TCP headers 7.4.2
IPsec key retrieval with a QKD system using the ETSI standardized API 7.4.2
Support for autoconnect to IPsec VPN using Microsoft Entra ID 7.4.2
TCP encapsulation of IKE and IPsec packets across multiple vendors 7.4.4
Enhancing IPsec security using EMS SN verification 7.4.4
Cross-validation for IPsec VPN 7.4.4
Resuming sessions for IPsec tunnel IKE version 2 7.4.4
Restriction and validation of HTTP messages 7.4.4
Matching IPsec tunnel gateway based on address parameters 7.4.4
User and authentication
Authentication
Add RADSEC client support
Enable the FortiToken Cloud free trial directly from the FortiGate
Enhance complexity options for local user password policy 7.4.1
RADIUS integrated certificate authentication for SSL VPN 7.4.1
New options for certificate validation and FortiClient EMS tag matching 7.4.4
LAN Edge
Wireless
Add profile support for UNII-4 5GHz band on FortiAP G-series models
Add support for WPA3-SAE security mode on mesh backhaul SSIDs
Implement multi-processing for the wpad daemon for large-scale FortiAP management
Add support for an IPsec VPN tunnel that carries the FortiAP SN
Support for WPA3 security modes on FortiWiFi units operating in Client Mode
Support Dynamic VLAN assignment with multiple VLAN IDs per Name Tag 7.4.1
Support for EAP/TLS on FortiWiFi models operating in Client Mode 7.4.1
Enable AP and Client mode on FortiWiFi 80F series models 7.4.1
Integration with Pole Star's NAO Cloud service for BLE asset tag tracking 7.4.1
Wireless Foreground Scan improvements 7.4.1
Support for MIMO mode configuration 7.4.1
Add GUI support for configuring WPA3-SAE security mode on mesh backhaul SSIDs 7.4.1
Add support for SAE-PK generation 7.4.2
Support RADIUS accounting interim update on roaming for WPA Enterprise security 7.4.2
Improve Bonjour profile provisioning and redundancy 7.4.2
GUI support for WPA3 security mode on Client mode FortiWiFi units 7.4.2
Support WPA3 options when the FortiAP radio mode is set to SAM 7.4.2
Add automated reboot functionality for FortiAPs 7.4.2
Support individual control of 802.11k and 802.11v protocols 7.4.2
Support external antennas in select FortiAP models 7.4.2
Support Hitless Rolling AP upgrade 7.4.2
Support third-party antennas in select FortiAP models 7.4.2
Improve CAPWAP stability over NAT 7.4.2
Enhance memory optimization in FortiGate-managed FortiAPs 7.4.4
Support for Beacon Protection 7.4.4
Add support for managing the FortiAP USB port status 7.4.4
Support more Captive Portal security modes 7.4.4
Add profile support for Wi-Fi 7 on FortiAP K-series models 7.4.4
Support receiving the NAS-Filter-Rule during Wi-Fi authentication 7.4.4
Support MACsec on FortiAP G-series 7.4.4
Improve packet detection on the FortiAP sniffer 7.4.5
Support RADIUS MAC Authentication for MPSK on WPA3 SAE SSID 7.4.5
Add BLE integration and support for Evresys RTLS solution 7.4.5
Support uploading a captive portal's certificate authority to the FortiAP 7.4.5
Switch controller
Specify FortiSwitch names to use in switch-controller CLI commands
Support user-configurable ACL
Support configuring DHCP-snooping option-82 settings
Display DHCP-snooping option-82 data
Support automatically allowing and blocking intra-VLAN traffic based on FortiLink connectivity 7.4.1
Support the FortiOS one-arm sniffer on a mirrored VLAN interface 7.4.1
Support new commands for Precision Time Protocol configuration 7.4.1
Support inter-VLAN routing by managed FortiSwitch units 7.4.1
Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1
Support for the authentication and encryption of fabric links 7.4.1
Synchronize the FortiOS interface description with the FortiSwitch VLAN description 7.4.1
Support FortiSwitch management using HTTPS 7.4.2
Set the priority for dynamic or egress VLAN assignment 7.4.2
Specify how RADIUS request attributes are formatted 7.4.2
Dynamically assign the NAS-IP-Address attribute 7.4.2
Support LACP fallback mode 7.4.4
Support dynamic access control lists for managed switches 7.4.4
Use FortiSwitch event log IDs as triggers for automation stitches 7.4.4
Enhanced device-matching logic based on policy priority 7.4.4
Specify a tagged VLAN for when the authentication server is unavailable 7.4.4
FortiExtender
Fast failover of CAPWAP control channel between two uplinks
Support internet connectivity for WiFi clients through FortiExtender in LAN-extension mode 7.4.4
Support fast failover for FortiExtender 7.4.4
System
General
Display warnings for supported Fabric devices passing their hardware EOS date
Add setting to control the upper limit of the FQDN refresh timer
Command to compute file hashes
Support checking for firmware updates daily when auto firmware upgrade is enabled
FortiConverter in the GUI
Prevent FortiGates with an expired support contract from upgrading to a major or minor firmware release
Prevent firmware upgrades when the support contract is expired using the GUI 7.4.1
Automatic firmware upgrade enhancements 7.4.1
Introduce selected availability (SA) version and label 7.4.1
View batch transaction commands through the REST API 7.4.1
Separate the SSHD host key from the administration server certificate 7.4.2
FortiOS REST API enhances FortiManager interaction with FortiExtender 7.4.2
CLI system permissions 7.4.2
Memory usage reduced on FortiGate models with 2 GB RAM 7.4.2
Prevent firmware upgrade depending on the current firmware license's expiration date 7.4.2
Updated default email notification server 7.4.4
Configure TCP NPU session delay globally 7.4.5
Automatic firmware upgrade control 7.4.5
High availability
FGCP HA between FortiGates of the same model with different AC and DC PSUs
FGCP multi-version cluster upgrade 7.4.1
Enhance IPv6 VRRP state control 7.4.2
SNMP
Add SNMP trap for memory usage on FortiGates 7.4.2
Add SNMP trap for PSU power restore 7.4.2
Enabling the INDEX extension 7.4.4
FortiGuard
FortiGuard DLP service
Attack Surface Security Rating service 7.4.1
Operational Technology Security Service 7.4.1
Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1
Certificates
Support Enrollment over Secure Transport for automatic certificate management 7.4.1
Security
Enhance BIOS-level signature and file integrity checking
Real-time file system integrity checking
Add built-in entropy source 7.4.1
Unauthorized firmware modification attempt reporting 7.4.1
Enhance file integrity check to perform verification during system bootup 7.4.4
Enhance real-time file system integrity checking 7.4.4
Security Fabric
Fabric settings and connectors
MAC address threat feed
Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis
Update FortiVoice connector features 7.4.1
Support for FortiVoice tag dynamic address in NAC policies 7.4.4
External resource entry limit enhancements 7.4.4
Support multi-tenant FortiClient Cloud fabric connectors 7.4.4
External SDN connectors
Support IPv6 dynamic addresses retrieved from Cisco ACI SDN connector
Security ratings
Support CIS compliance standards within security ratings 7.4.1
Add prompt for one-time upgrade when a critical vulnerability is detected upon login 7.4.1
Automation
Improve automation trigger and action selection
Asset Identity Center
Configure Purdue Levels for Fabric devices 7.4.2
Log and report
Logging
Support switching to an alternate FortiAnalyzer if the main FortiAnalyzer is unavailable 7.4.1
Introduce new log fields for long-live sessions 7.4.2
Cloud
Public and private cloud
Support the AWS t4g, c6a, and c6in instance families
VMware ESXi FortiGate-VM as ZTNA gateway
Support the new AWS c7gn instance family
Support SCCC backed by AliCloud
Upgrade AWS ENA network interface driver to 2.8.3
Support UEFI-Preferred boot mode on AWS FortiGate-VM models
OCI DRCC support
Support multiple compartments and regions with single OCI SDN connector
Add Cisco ACI ESG support for direct connector 7.4.1
Add OVF template support for VMware ESXi 8 7.4.1
GCP support for C3 machine type 7.4.1
AWS support for local zones 7.4.1
AWS SBE support 7.4.1
GCP support for C3A and C3D machine type 7.4.2
Add FortiFlex GUI option 7.4.2
AliCloud support for c7, c7a, and g5ne instance families 7.4.2
AliCloud support change route table with IPv4 gateway for HA 7.4.2
AWS SDN Connector support for alternate resources 7.4.2
Integrate FortiGate Azure vWAN solution with Azure Monitor to capture health metrics 7.4.2
Customizing the FortiFlex license token activation retry parameters 7.4.2
GCP support for confidential computing 7.4.3
Support the AWS c7i and c7a instance families 7.4.4
AWS silent fips-cipher enablement 7.4.4
Azure FortiGate-VM vWAN NVA support for PAYG metered billing 7.4.4
GCP SDN connector to support IPv6 route table update via NextHopInstance 7.4.4
Support for AliCloud Apsara Stack 7.4.4
Azure SDN connector moves private IP address on trusted NIC during A-P HA failover 7.4.5
Azure SDN connector relay through FortiManager support 7.4.5
GCP SDN connector relay through FortiManager support 7.4.5
OCI SDN connector IPv6 A-P HA failover support 7.4.5
Azure SDN connector GraphQL bulk query support 7.4.5
OCI SDN connector IPv6 address object support 7.4.5
Operational Technology
System
Configuring the Purdue Level for discovered assets based on detected interface
Support for IEC 60870-5-101 serial to IEC 60870-5-104 TCP/IP transport 7.4.4
Support for Modbus serial to Modbus TCP 7.4.4
Index
7.4.0
7.4.1
7.4.2
7.4.4
7.4.5
Change Log
Home
FortiGate / FortiOS 7.4.0
New Features
7.4.0
7.6.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
OCI SDN connector IPv6 address object support
7.4.5
OCI SDN connector IPv6 address object support
7.4.5
OCI SDN connectors support IPv6 address objects.
Previous
Next
OCI SDN connector IPv6 address object support
7.4.5
OCI SDN connector IPv6 address object support
7.4.5
OCI SDN connectors support IPv6 address objects.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Overview
GUI
General usability enhancements
Updated Dashboard and FortiView
Accessing additional support resources
Run simultaneous packet captures and use the command palette
Update FortiSandbox Files FortiView monitor
Combine the Device Inventory widget and Asset Identity Center page
GUI enhancements for FortiGuard DLP service 7.4.1
FortiConverter usability improvements 7.4.1
Update FortiGuard License Information widget 7.4.1
Optimize policy and objects pages and dialogs 7.4.2
Indicate Special Technical Support builds 7.4.2
Network
General
Using MP-BGP EVPN with VXLAN
Add route tag address objects
Configuring a DHCP shared subnet
Configuring DHCP smart relay on interfaces with a secondary IP
Improve DVLAN QinQ performance for NP7 platforms over virtual wire pairs
Active SIM card switching available on FortiGates with cellular modem and dual SIM card support
LAG interface status signaled to peer when available links fall below min-link
Configuring multiple DDNS entries in the GUI
Support DHCP client mode for inter-VDOM links 7.4.1
Configuring FortiGate LAN extension the GUI 7.4.1
Transparent conditional DNS forwarder 7.4.1
IPAM enhancements 7.4.1
DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes 7.4.1
Enhancement to QUIC and HTTP3 inspection 7.4.1
Interfaces in non-management VDOMs as the source IP address of the DNS conditional forwarding server 7.4.1
FortiGate 3G4G: improved dual SIM card switching capabilities 7.4.1
Cellular interface of FortiGate-40F-3G4G supports IPv6 7.4.1
Connectivity Fault Management supported for network troubleshooting 7.4.1
Support LTE / BLE airplane mode for FGR-70F-3G4G 7.4.1
BGP incorporates the advanced security measures of TCP Authentication Option (TCP-AO) 7.4.2
Allow multiple sFlow collectors 7.4.2
Support BGP graceful restart helper-only mode 7.4.2
Support for LAN extension VDOM simplifications 7.4.2
Allow multiple Netflow collectors 7.4.2
Enhance port-level control for STP and 802.1x authentication 7.4.2
Allow backup customization for DHCP leases during power cycles 7.4.4
Assign multiple remote Autonomous Systems to a single BGP neighbor group 7.4.4
Upgrade LTE modem firmware directly from FortiGuard 7.4.4
Support RADIUS Vendor-Specific Attributes for captive portal redirects 7.4.4
GUI support for DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes 7.4.4
Store packet capture criteria 7.4.4
Handling IPv4 SCTP packets with zero checksum on the NP7 platform 7.4.4
Support for inspection of 802.1ah packet headers in virtual wire pairs 7.4.5
IPv6
BGP conditional advertisements for IPv6 prefix when IPv4 prefix conditions are met and vice-versa
Explicit and transparent proxy
Changing the FTP mode from active to passive for explicit proxy
Configuring a secure explicit proxy
Explicit proxy logging enhancements
Support the Happy Eyeballs algorithm for explicit proxy 7.4.1
Support webpages to properly display CORS content in an explicit proxy environment 7.4.1
Forward HTTPS requests to a web server without the need for an HTTP CONNECT message 7.4.1
Support web proxy forward server over IPv6 7.4.1
SD-WAN
Overlays and underlays
Using a single IKE elector in ADVPN to match all SD-WAN control plane traffic
Improve client-side settings for SD-WAN network monitor 7.4.1
Support the new SD-WAN Overlay-as-a-Service 7.4.1
IPv6 support for SD-WAN segmentation over a single overlay 7.4.2
SD-WAN hub and spoke speed test improvements 7.4.2
ADVPN 2.0 edge discovery and path management 7.4.2
Support an OaaS agent for uninterrupted spoke traffic 7.4.4
Routing
Add option to keep sessions in established ADVPN shortcuts while they remain in SLA
Allow better control over the source IP used by each egress interface for local out traffic
SD-WAN multi-PoP multi-hub large scale design and failover 7.4.1
Active dynamic BGP neighbor triggered by ADVPN shortcut 7.4.1
Performance SLA
Logging FortiMonitor-detected performance metrics
Classifying SLA probes for traffic prioritization
VRF-aware SD-WAN IPv6 health checks
Support maximize bandwidth (SLA) to load balance spoke-to-spoke traffic between multiple ADVPN shortcuts
Support HTTPS performance SLA health checks 7.4.1
Service rules
Support IPv6 application based steering in SD-WAN
Allow SD-WAN to steer multicast traffic
Using load balancing in a manual SD-WAN rule without configuring an SLA target 7.4.1
Policy and objects
NGFW
Add scanunit support for learning mode
Support dynamic Fabric address in security policies 7.4.1
Policies
Support destination port matching of central SNAT rules
Support the Port Control Protocol
Improve the performance of the GUI policy list
Process Ethernet frames with Cisco Security Group Tag and VLAN tag
Support port block allocation for NAT64
Support refreshing active sessions for specific protocols and port ranges per VDOM in a specified direction 7.4.1
Update policy lookup tool with policy match tool 7.4.1
Policy list enhancements 7.4.1
Unified Policy name and ID column 7.4.1
Support IPS inspection for multicast UDP traffic 7.4.2
Optimize virtual patching on the local-in interface 7.4.2
Enhanced logging for NAT persistent sessions utilizing PBA 7.4.4
Unified policy name and ID column 7.4.4
Fine-tuning source port behavior for SNAT 7.4.4
Objects
Increase the number of supported dynamic FSSO IP addresses
Internet service as source addresses in the local-in policy 7.4.4
Traffic shaping
Traffic shaping extensions
DSCP marking for self-generated traffic 7.4.4
Protocol options
Stripping the X-Forwarded-For value in the HTTP header 7.4.2
Zero Trust Network Access
General
Introduce new ZTNA replacement message types 7.4.1
Condense ZTNA server mapping configurations 7.4.2
Introduce Fabric integration with FortiGSLB 7.4.2
Tags and EMS connectors
Support logical AND for tag matching between primary and secondary EMS tags in a firewall policy
Support sending the FortiGate interface subnet list to EMS
Add the Any and All options back for security posture tags in the GUI 7.4.2
Rename ZTNA Tag to Security Posture Tag in the GUI 7.4.2
ZTNA policies
Introduce simplified ZTNA rules within firewall policies
Application gateway
Dynamic interface IP addresses for access proxy VIPs 7.4.5
Security posture and EMS connector
Share ZTNA application configurations with FortiClient EMS 7.4.4
Security profiles
Antivirus
Download quarantined files in archive format 7.4.1
Support XLSB, OpenOffice, and RTF files for CDR in antivirus profiles 7.4.4
Web filter
Add FortiGuard web filter categories for AI and cryptocurrency 7.4.1
Support Punycode encoding for the url and hostname fields in flow inspection logs 7.4.2
Search engine support extended to flow-based web filter profiles 7.4.4
IPS
Support full extended IPS database for FortiGate VMs with eight cores or more
Support Diameter protocol inspection on the FortiGate 7.4.2
Virtual patching
Support OT and IoT virtual patching on NAC policies
Virtual patching profile 7.4.1
Improve visibility of OT vulnerabilities and virtual patching signatures 7.4.2
Others
Improve replacement message displayed in blocked videos
Introduce SIP IPS profile as a complement to SIP ALG
Add inline CASB security profile 7.4.1
Support domain name in XFF with ICAP 7.4.1
Enhance the video filter profile with a new level of customization and control 7.4.2
Enhancements to data loss prevention (DLP) 7.4.2
GUI support for exact data match (EDM) for data loss prevention 7.4.4
Control TLS connections that utilize Encrypted Client Hello 7.4.4
Proxy-related features no longer supported on FortiGate 2 GB RAM models 7.4.4
Support the Zstandard compression algorithm for web content 7.4.5
VPN
IPsec and SSL VPN
Update the SSL VPN web portal layout using Neutrino
Improve the styling of the SSL VPN landing page
Allow SSL VPN login to be redirected to a custom landing page
IPsec SA key retrieval from a KMS server using KMIP
Add user group information to the SSL-VPN monitor
IPsec IKE load balancing based on FortiSASE account information
Adjust DTLS heartbeat parameter for SSL VPN
SAML-based authentication for FortiClient remote access dialup IPsec VPN clients
Multiple interface monitoring for IPsec 7.4.1
Update SSL VPN default behavior and visibility in the GUI 7.4.1
Securely exchange serial numbers between FortiGates connected with IPsec VPN 7.4.1
IPsec split DNS 7.4.1
Support IPsec tunnel to change names 7.4.2
Encapsulate ESP packets within TCP headers 7.4.2
IPsec key retrieval with a QKD system using the ETSI standardized API 7.4.2
Support for autoconnect to IPsec VPN using Microsoft Entra ID 7.4.2
TCP encapsulation of IKE and IPsec packets across multiple vendors 7.4.4
Enhancing IPsec security using EMS SN verification 7.4.4
Cross-validation for IPsec VPN 7.4.4
Resuming sessions for IPsec tunnel IKE version 2 7.4.4
Restriction and validation of HTTP messages 7.4.4
Matching IPsec tunnel gateway based on address parameters 7.4.4
User and authentication
Authentication
Add RADSEC client support
Enable the FortiToken Cloud free trial directly from the FortiGate
Enhance complexity options for local user password policy 7.4.1
RADIUS integrated certificate authentication for SSL VPN 7.4.1
New options for certificate validation and FortiClient EMS tag matching 7.4.4
LAN Edge
Wireless
Add profile support for UNII-4 5GHz band on FortiAP G-series models
Add support for WPA3-SAE security mode on mesh backhaul SSIDs
Implement multi-processing for the wpad daemon for large-scale FortiAP management
Add support for an IPsec VPN tunnel that carries the FortiAP SN
Support for WPA3 security modes on FortiWiFi units operating in Client Mode
Support Dynamic VLAN assignment with multiple VLAN IDs per Name Tag 7.4.1
Support for EAP/TLS on FortiWiFi models operating in Client Mode 7.4.1
Enable AP and Client mode on FortiWiFi 80F series models 7.4.1
Integration with Pole Star's NAO Cloud service for BLE asset tag tracking 7.4.1
Wireless Foreground Scan improvements 7.4.1
Support for MIMO mode configuration 7.4.1
Add GUI support for configuring WPA3-SAE security mode on mesh backhaul SSIDs 7.4.1
Add support for SAE-PK generation 7.4.2
Support RADIUS accounting interim update on roaming for WPA Enterprise security 7.4.2
Improve Bonjour profile provisioning and redundancy 7.4.2
GUI support for WPA3 security mode on Client mode FortiWiFi units 7.4.2
Support WPA3 options when the FortiAP radio mode is set to SAM 7.4.2
Add automated reboot functionality for FortiAPs 7.4.2
Support individual control of 802.11k and 802.11v protocols 7.4.2
Support external antennas in select FortiAP models 7.4.2
Support Hitless Rolling AP upgrade 7.4.2
Support third-party antennas in select FortiAP models 7.4.2
Improve CAPWAP stability over NAT 7.4.2
Enhance memory optimization in FortiGate-managed FortiAPs 7.4.4
Support for Beacon Protection 7.4.4
Add support for managing the FortiAP USB port status 7.4.4
Support more Captive Portal security modes 7.4.4
Add profile support for Wi-Fi 7 on FortiAP K-series models 7.4.4
Support receiving the NAS-Filter-Rule during Wi-Fi authentication 7.4.4
Support MACsec on FortiAP G-series 7.4.4
Improve packet detection on the FortiAP sniffer 7.4.5
Support RADIUS MAC Authentication for MPSK on WPA3 SAE SSID 7.4.5
Add BLE integration and support for Evresys RTLS solution 7.4.5
Support uploading a captive portal's certificate authority to the FortiAP 7.4.5
Switch controller
Specify FortiSwitch names to use in switch-controller CLI commands
Support user-configurable ACL
Support configuring DHCP-snooping option-82 settings
Display DHCP-snooping option-82 data
Support automatically allowing and blocking intra-VLAN traffic based on FortiLink connectivity 7.4.1
Support the FortiOS one-arm sniffer on a mirrored VLAN interface 7.4.1
Support new commands for Precision Time Protocol configuration 7.4.1
Support inter-VLAN routing by managed FortiSwitch units 7.4.1
Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1
Support for the authentication and encryption of fabric links 7.4.1
Synchronize the FortiOS interface description with the FortiSwitch VLAN description 7.4.1
Support FortiSwitch management using HTTPS 7.4.2
Set the priority for dynamic or egress VLAN assignment 7.4.2
Specify how RADIUS request attributes are formatted 7.4.2
Dynamically assign the NAS-IP-Address attribute 7.4.2
Support LACP fallback mode 7.4.4
Support dynamic access control lists for managed switches 7.4.4
Use FortiSwitch event log IDs as triggers for automation stitches 7.4.4
Enhanced device-matching logic based on policy priority 7.4.4
Specify a tagged VLAN for when the authentication server is unavailable 7.4.4
FortiExtender
Fast failover of CAPWAP control channel between two uplinks
Support internet connectivity for WiFi clients through FortiExtender in LAN-extension mode 7.4.4
Support fast failover for FortiExtender 7.4.4
System
General
Display warnings for supported Fabric devices passing their hardware EOS date
Add setting to control the upper limit of the FQDN refresh timer
Command to compute file hashes
Support checking for firmware updates daily when auto firmware upgrade is enabled
FortiConverter in the GUI
Prevent FortiGates with an expired support contract from upgrading to a major or minor firmware release
Prevent firmware upgrades when the support contract is expired using the GUI 7.4.1
Automatic firmware upgrade enhancements 7.4.1
Introduce selected availability (SA) version and label 7.4.1
View batch transaction commands through the REST API 7.4.1
Separate the SSHD host key from the administration server certificate 7.4.2
FortiOS REST API enhances FortiManager interaction with FortiExtender 7.4.2
CLI system permissions 7.4.2
Memory usage reduced on FortiGate models with 2 GB RAM 7.4.2
Prevent firmware upgrade depending on the current firmware license's expiration date 7.4.2
Updated default email notification server 7.4.4
Configure TCP NPU session delay globally 7.4.5
Automatic firmware upgrade control 7.4.5
High availability
FGCP HA between FortiGates of the same model with different AC and DC PSUs
FGCP multi-version cluster upgrade 7.4.1
Enhance IPv6 VRRP state control 7.4.2
SNMP
Add SNMP trap for memory usage on FortiGates 7.4.2
Add SNMP trap for PSU power restore 7.4.2
Enabling the INDEX extension 7.4.4
FortiGuard
FortiGuard DLP service
Attack Surface Security Rating service 7.4.1
Operational Technology Security Service 7.4.1
Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1
Certificates
Support Enrollment over Secure Transport for automatic certificate management 7.4.1
Security
Enhance BIOS-level signature and file integrity checking
Real-time file system integrity checking
Add built-in entropy source 7.4.1
Unauthorized firmware modification attempt reporting 7.4.1
Enhance file integrity check to perform verification during system bootup 7.4.4
Enhance real-time file system integrity checking 7.4.4
Security Fabric
Fabric settings and connectors
MAC address threat feed
Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis
Update FortiVoice connector features 7.4.1
Support for FortiVoice tag dynamic address in NAC policies 7.4.4
External resource entry limit enhancements 7.4.4
Support multi-tenant FortiClient Cloud fabric connectors 7.4.4
External SDN connectors
Support IPv6 dynamic addresses retrieved from Cisco ACI SDN connector
Security ratings
Support CIS compliance standards within security ratings 7.4.1
Add prompt for one-time upgrade when a critical vulnerability is detected upon login 7.4.1
Automation
Improve automation trigger and action selection
Asset Identity Center
Configure Purdue Levels for Fabric devices 7.4.2
Log and report
Logging
Support switching to an alternate FortiAnalyzer if the main FortiAnalyzer is unavailable 7.4.1
Introduce new log fields for long-live sessions 7.4.2
Cloud
Public and private cloud
Support the AWS t4g, c6a, and c6in instance families
VMware ESXi FortiGate-VM as ZTNA gateway
Support the new AWS c7gn instance family
Support SCCC backed by AliCloud
Upgrade AWS ENA network interface driver to 2.8.3
Support UEFI-Preferred boot mode on AWS FortiGate-VM models
OCI DRCC support
Support multiple compartments and regions with single OCI SDN connector
Add Cisco ACI ESG support for direct connector 7.4.1
Add OVF template support for VMware ESXi 8 7.4.1
GCP support for C3 machine type 7.4.1
AWS support for local zones 7.4.1
AWS SBE support 7.4.1
GCP support for C3A and C3D machine type 7.4.2
Add FortiFlex GUI option 7.4.2
AliCloud support for c7, c7a, and g5ne instance families 7.4.2
AliCloud support change route table with IPv4 gateway for HA 7.4.2
AWS SDN Connector support for alternate resources 7.4.2
Integrate FortiGate Azure vWAN solution with Azure Monitor to capture health metrics 7.4.2
Customizing the FortiFlex license token activation retry parameters 7.4.2
GCP support for confidential computing 7.4.3
Support the AWS c7i and c7a instance families 7.4.4
AWS silent fips-cipher enablement 7.4.4
Azure FortiGate-VM vWAN NVA support for PAYG metered billing 7.4.4
GCP SDN connector to support IPv6 route table update via NextHopInstance 7.4.4
Support for AliCloud Apsara Stack 7.4.4
Azure SDN connector moves private IP address on trusted NIC during A-P HA failover 7.4.5
Azure SDN connector relay through FortiManager support 7.4.5
GCP SDN connector relay through FortiManager support 7.4.5
OCI SDN connector IPv6 A-P HA failover support 7.4.5
Azure SDN connector GraphQL bulk query support 7.4.5
OCI SDN connector IPv6 address object support 7.4.5
Operational Technology
System
Configuring the Purdue Level for discovered assets based on detected interface
Support for IEC 60870-5-101 serial to IEC 60870-5-104 TCP/IP transport 7.4.4
Support for Modbus serial to Modbus TCP 7.4.4
Index
7.4.0
7.4.1
7.4.2
7.4.4
7.4.5
Change Log
