Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Release Notes

    Home FortiGate / FortiOS 8.0.0 FortiOS Release Notes
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    FortiManager support for updated FortiOS private data encryption key

    FortiManager support for updated FortiOS private data encryption key

    With the introduction of FortiOS 7.6.1, Fortinet has updated the private-data-encryption key feature. Administrators are no longer required to manually input a 32-digit hexadecimal private-data-encryption key. Instead administrators simply enable the command, and a random private-data-encryption key is generated.

    How FortiManager 8.0.0 works with FortiOS private data encryption keys has changed. This topic covers the changes. See FortiManager behavior.

    Previous FortiOS CLI behavior
    config system global
    set private-data-encryption enable
end
Please type your private data encryption key (32 hexadecimal numbers):
12345678901234567890123456789abc
Please re-enter your private data encryption key (32 hexadecimal numbers) again:
12345678901234567890123456789abc
Your private data encryption key is accepted.
    New FortiOS CLI behavior
    config system global
    set private-data-encryption enable
end
This operation will generate a random private data encryption key!
Previous config files encrypted with the system default key cannot be restored after this operation!
Do you want to continue? (y/n)y
Private data encryption key generation succeeded!
    FortiManager behavior

    FortiManager 8.0.0 can centrally manage FortiGates with the private-data-encryption setting enabled, with the following limitations:

    • FortiManager can import objects that include the password type attribute.

      When FortiManager imports objects that include a password-type attribute, the administrator will be prompted to specify the password used by the object during the import process.

    • FortiManager cannot be used to create NAT and transparent VDOMs.

    This applies to FortiGates with private keys that are manually configured in FortiOS 7.6.0 and earlier and private keys that are randomly generated in FortiOS 7.6.1 and later.

    FortiManager does not require you to verify the private key of the FortiGate when adding it to FortiManager.

    FortiGates that require the protection of private data encryption and need to be managed by FortiManager should follow these procedures on a fresh install.

    1. On the FortiGate, enable private-data-encryption.

    2. On the FortiManager, add the FortiGate to the Device Manager. FortiManager will not be required to provide the key for PDE, as it will not be importing any password-related settings.

    3. Make all configuration changes directly on the FortiManager.

    4. Push and install the changes to the FortiGate.

    If you require the use of NAT or Transparent VDOMs, you should perform this additional step before the steps above.

    1. Enable multi-vdom mode on the FortiGate.

    2. Add the VDOMs that you will use on the FortiGate.

    3. Follow the above steps to enable private-data-encryption and manage the FortiGate from the FortiManager.

    For more information, see the FortiManager Administration Guide.

    Previous
    Next

    FortiManager support for updated FortiOS private data encryption key

    FortiManager support for updated FortiOS private data encryption key

    With the introduction of FortiOS 7.6.1, Fortinet has updated the private-data-encryption key feature. Administrators are no longer required to manually input a 32-digit hexadecimal private-data-encryption key. Instead administrators simply enable the command, and a random private-data-encryption key is generated.

    How FortiManager 8.0.0 works with FortiOS private data encryption keys has changed. This topic covers the changes. See FortiManager behavior.

    Previous FortiOS CLI behavior
    config system global
    set private-data-encryption enable
end
Please type your private data encryption key (32 hexadecimal numbers):
12345678901234567890123456789abc
Please re-enter your private data encryption key (32 hexadecimal numbers) again:
12345678901234567890123456789abc
Your private data encryption key is accepted.
    New FortiOS CLI behavior
    config system global
    set private-data-encryption enable
end
This operation will generate a random private data encryption key!
Previous config files encrypted with the system default key cannot be restored after this operation!
Do you want to continue? (y/n)y
Private data encryption key generation succeeded!
    FortiManager behavior

    FortiManager 8.0.0 can centrally manage FortiGates with the private-data-encryption setting enabled, with the following limitations:

    • FortiManager can import objects that include the password type attribute.

      When FortiManager imports objects that include a password-type attribute, the administrator will be prompted to specify the password used by the object during the import process.

    • FortiManager cannot be used to create NAT and transparent VDOMs.

    This applies to FortiGates with private keys that are manually configured in FortiOS 7.6.0 and earlier and private keys that are randomly generated in FortiOS 7.6.1 and later.

    FortiManager does not require you to verify the private key of the FortiGate when adding it to FortiManager.

    FortiGates that require the protection of private data encryption and need to be managed by FortiManager should follow these procedures on a fresh install.

    1. On the FortiGate, enable private-data-encryption.

    2. On the FortiManager, add the FortiGate to the Device Manager. FortiManager will not be required to provide the key for PDE, as it will not be importing any password-related settings.

    3. Make all configuration changes directly on the FortiManager.

    4. Push and install the changes to the FortiGate.

    If you require the use of NAT or Transparent VDOMs, you should perform this additional step before the steps above.

    1. Enable multi-vdom mode on the FortiGate.

    2. Add the VDOMs that you will use on the FortiGate.

    3. Follow the above steps to enable private-data-encryption and manage the FortiGate from the FortiManager.

    For more information, see the FortiManager Administration Guide.

    Previous
    Next