Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Release Notes

    Home FortiGate / FortiOS 7.6.3 FortiOS Release Notes
    7.6.3
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    Changes in CLI

    Changes in CLI

    Bug ID

    Description

    926178

    The policy-category-deep-inspect command has been removed and replaced with https-sub-category.

    Removed:

    config web-proxy global
    set policy-category-deep-inspect {enable | disable}
end

    Added:

    config firewall proxy-policy
      edit <id>
        set https-sub-category {enable | disable}
    next
end

    Starting in FortiOS 7.2.1, FortiGate (when web proxy is configured) implicitly enforces deep inspection if an HTTP CONNECT request or TLS SNI partially matches a policy with deep inspection enabled.

    To retain legacy behavior for category-based proxy addresses (FortiGuard URL categories), disable https-sub-category after upgrading to FortiOS 7.6.3 or later.

    1021838

    The config system autoupdate tunneling command has been removed and replaced with config system fortiguard.

    Removed:

    config system autoupdate tunneling
    set address <proxy_address>
    set port <proxy_port>
    set username <username>
    set password <password>
    set status {enable | disable}
end

    Added:

    config system fortiguard
    set proxy-server-ip <proxy_address>
    set proxy-server-port <proxy_port>
    set proxy-username <username>
    set proxy-password <password>
end

    1080094

    Add sta-offline-ip2mac-cleanup and sta-offline-cleanup in wireless timers: 

    config wireless-controller timers
    set sta-offline-ip2mac-cleanup 300
    set sta-offline-cleanup 300
end

    Add max-sta-offline-ip2mac and max-sta-offline in wireless global: 

    config wireless-controller global
    set max-sta-offline-ip2mac 1024
    set max-sta-offline 1024
end

    1096636

    Allow adding expiry as an option for generating an API-user key.

    # execute api-user generate-key <API username> [expiry in mins]

    1098022

    Increase the maximum IPS signature hold time from 7 days to 21 days.

    1106960

    The hyperscale firewall command config firewall ippool_grp has been changed to config firewall ippool-grp.

    1110668

    Add an option to control whether webfilter.urlfilter simple-type entries match subdomains.

    config webfilter urlfilter
    edit <id>
        set include-subdomains {enable/disable} 
    next
end

    1142013

    You can no longer use the following command to change QoS type used for traffic shaping for sessions offloaded to NP7 processors:

    config system npu
    set default-qos-type {policing | shaping}
end

    Instead, default-qos-type can only be set to policing. See also Changes to NP7 traffic shaping.
    Previous
    Next

    Changes in CLI

    Changes in CLI

    Bug ID

    Description

    926178

    The policy-category-deep-inspect command has been removed and replaced with https-sub-category.

    Removed:

    config web-proxy global
    set policy-category-deep-inspect {enable | disable}
end

    Added:

    config firewall proxy-policy
      edit <id>
        set https-sub-category {enable | disable}
    next
end

    Starting in FortiOS 7.2.1, FortiGate (when web proxy is configured) implicitly enforces deep inspection if an HTTP CONNECT request or TLS SNI partially matches a policy with deep inspection enabled.

    To retain legacy behavior for category-based proxy addresses (FortiGuard URL categories), disable https-sub-category after upgrading to FortiOS 7.6.3 or later.

    1021838

    The config system autoupdate tunneling command has been removed and replaced with config system fortiguard.

    Removed:

    config system autoupdate tunneling
    set address <proxy_address>
    set port <proxy_port>
    set username <username>
    set password <password>
    set status {enable | disable}
end

    Added:

    config system fortiguard
    set proxy-server-ip <proxy_address>
    set proxy-server-port <proxy_port>
    set proxy-username <username>
    set proxy-password <password>
end

    1080094

    Add sta-offline-ip2mac-cleanup and sta-offline-cleanup in wireless timers: 

    config wireless-controller timers
    set sta-offline-ip2mac-cleanup 300
    set sta-offline-cleanup 300
end

    Add max-sta-offline-ip2mac and max-sta-offline in wireless global: 

    config wireless-controller global
    set max-sta-offline-ip2mac 1024
    set max-sta-offline 1024
end

    1096636

    Allow adding expiry as an option for generating an API-user key.

    # execute api-user generate-key <API username> [expiry in mins]

    1098022

    Increase the maximum IPS signature hold time from 7 days to 21 days.

    1106960

    The hyperscale firewall command config firewall ippool_grp has been changed to config firewall ippool-grp.

    1110668

    Add an option to control whether webfilter.urlfilter simple-type entries match subdomains.

    config webfilter urlfilter
    edit <id>
        set include-subdomains {enable/disable} 
    next
end

    1142013

    You can no longer use the following command to change QoS type used for traffic shaping for sessions offloaded to NP7 processors:

    config system npu
    set default-qos-type {policing | shaping}
end

    Instead, default-qos-type can only be set to policing. See also Changes to NP7 traffic shaping.
    Previous
    Next