Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Introduction

This document provides the following information for FortiSwitchOS 7.0.0 build 0022.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.0.0 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
FortiSwitch 3xxx FS-3032D, FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.0.0

Release 7.0.0 provides the following new features.

GUI changes

  • You can now configure Protocol Independent Multicast (PIM) version-4 routing in the GUI.
  • You can now configure IPv6 static routes in the GUI.
  • The average traffic bandwidth is now listed in the Traffic (Last Day) column in the Physical Switch Ports page (Switch > Port > Physical), Physical Port Interfaces page (Switch > Interface > Physical), and Trunk Interfaces page (Switch > Interface > Trunk) . You can now sort this column by value.
  • The diagnostics monitoring of QSFP+ transceivers is now supported in the GUI (Switch > Monitor > Modules).
  • You can now create or customize an ACL service by going to Switch > ACL > Service.

CLI changes

  • You can now control whether the size of the layer-2 table is checked and how often. When the table size is more than 75-percent full or less than 70-percent full, FortiSwitchOS adds a warning to the system log.
  • The factory default setting for power over Ethernet (PoE) pre-standard detection is now disable for both managed and standalone FortiSwitch units. When you upgrade FortiSwitchOS, the setting of PoE pre-standard detection stays the same. The setting of PoE pre-standard detection might change during a downgrade from FortiSwitchOS 7.0.0 to earlier versions.
  • More protocols have been added to the set protocol command (under config router setting). You can now filter by any IPv6 protocol, IPv6 BGP, IPv6 IS-IS, IPv6 OSPF, IPv6 RIP, or IPv6 static. The connected option is no longer supported.
  • You can now set up the following SNMP v3 notifications (traps):
    • The CPU usage is too high.
    • The configuration of an entity was changed.
    • The IP address for an interface was changed.
    • The available log space is low.
    • The available memory is low.
  • The diagnostic monitoring interface (DMI) now detects the interface type (Short Reach or Copper Reach) and forward error correction (FEC) state for a module and displays this information with the diagnose switch physical-ports list <port_name> command.
  • By default, the 25G and 100G ports of the FS-1048E and FS-3032E models now automatically detect whether FEC is supported by the module.
  • Flow export and tracking have been improved. You can control how often the template is exported and specify a Berkeley packet filter (BPF).
  • Virtual routing and forwarding (VRF) is now supported by DHCP relay (IPv4), bidirectional forwarding detection (BFD) for static routes (IPv4 and IPv6), link monitor (IPv4 and IPv6) on VRF-enabled switch virtual interfaces (SVIs), and OSPF (IPv4).
  • VRF is now supported by the 500-Series switches.
  • When you specify a route map during routing configuration, only the route maps for that protocol are listed.
  • You can now use the alias CLI commands to grant an administrator access to individual configuration attributes, table entries, or CLI commands.
  • Fortinet now supports Federal Information Processing Standard Publication (FIPS) 140-2 (Level 2) for the following FortiSwitch models:
    • FS-424E
    • FS-424E-FPOE
    • FS-M426E-FPOE
    • FS-424E-Fiber
    • FS-448E
    • FS-448E-FPOE
    • FS-1048E
    • FS-3032E
  • The Media Redundancy Protocol (MRP) is now supported on the FSR-112D and FSR-124D models.
  • When 802.1x authentication is being used, you can now move an 802.1x client between ports that are not directly connected to the FortiSwitch unit.
  • The following RADIUS attributes are now supported for configuring dynamic non-native VLANs:
    • Egress-VLANID
    • Egress-VLAN-Name
    • Ingress-Filters

GUI and CLI changes

  • You can now configure multiple flow-export collectors
  • You can now configure multiple sFlow collectors.
  • sFlow is now supported on the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, and FS-148F-FPOE models.
  • The maximum number of IGMP-snooping groups has been increased. The following table lists the maximum number of groups for various FortiSwitch models:

    FortiSwitch Models Snooping Table Limit
    (values have been rounded)
    FS-108E and FS-124E 500
    FSR-112D-POE, FS-124F, FS-148E, FS-148F, FS-224E, FS-248D, FS-248E, FS-424D, FS-424E, FS-424E-Fiber, FS-426E, FS-448D, FS-448E 1,000
    FS-1024D and FS-1048D 4,000
    FS-3032D 6,000
    FS-524D, FS-548D, 1048E, and 3032E 8,000

REST API changes

The following are the new REST API endpoints:

  • The new cmdb/system.alias/command endpoint grants an administrator access to individual configuration attributes, table entries, or CLI commands.
  • The new cmdb/system.alias/group endpoint bundles different alias commands together for easy assignment.
  • The new cmdb/router/vrf command supports virtual routing and forwarding (VRF).

The schema for two REST API endpoints has changed:

  • The schema for the cmdb/system/sflow endpoint has changed because you can now configure multiple sFlow collectors.
  • The schema for the cmdb/system/flow-export endpoint has changed because you can now configure multiple flow-export collectors.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Introduction

This document provides the following information for FortiSwitchOS 7.0.0 build 0022.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.0.0 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
FortiSwitch 3xxx FS-3032D, FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.0.0

Release 7.0.0 provides the following new features.

GUI changes

  • You can now configure Protocol Independent Multicast (PIM) version-4 routing in the GUI.
  • You can now configure IPv6 static routes in the GUI.
  • The average traffic bandwidth is now listed in the Traffic (Last Day) column in the Physical Switch Ports page (Switch > Port > Physical), Physical Port Interfaces page (Switch > Interface > Physical), and Trunk Interfaces page (Switch > Interface > Trunk) . You can now sort this column by value.
  • The diagnostics monitoring of QSFP+ transceivers is now supported in the GUI (Switch > Monitor > Modules).
  • You can now create or customize an ACL service by going to Switch > ACL > Service.

CLI changes

  • You can now control whether the size of the layer-2 table is checked and how often. When the table size is more than 75-percent full or less than 70-percent full, FortiSwitchOS adds a warning to the system log.
  • The factory default setting for power over Ethernet (PoE) pre-standard detection is now disable for both managed and standalone FortiSwitch units. When you upgrade FortiSwitchOS, the setting of PoE pre-standard detection stays the same. The setting of PoE pre-standard detection might change during a downgrade from FortiSwitchOS 7.0.0 to earlier versions.
  • More protocols have been added to the set protocol command (under config router setting). You can now filter by any IPv6 protocol, IPv6 BGP, IPv6 IS-IS, IPv6 OSPF, IPv6 RIP, or IPv6 static. The connected option is no longer supported.
  • You can now set up the following SNMP v3 notifications (traps):
    • The CPU usage is too high.
    • The configuration of an entity was changed.
    • The IP address for an interface was changed.
    • The available log space is low.
    • The available memory is low.
  • The diagnostic monitoring interface (DMI) now detects the interface type (Short Reach or Copper Reach) and forward error correction (FEC) state for a module and displays this information with the diagnose switch physical-ports list <port_name> command.
  • By default, the 25G and 100G ports of the FS-1048E and FS-3032E models now automatically detect whether FEC is supported by the module.
  • Flow export and tracking have been improved. You can control how often the template is exported and specify a Berkeley packet filter (BPF).
  • Virtual routing and forwarding (VRF) is now supported by DHCP relay (IPv4), bidirectional forwarding detection (BFD) for static routes (IPv4 and IPv6), link monitor (IPv4 and IPv6) on VRF-enabled switch virtual interfaces (SVIs), and OSPF (IPv4).
  • VRF is now supported by the 500-Series switches.
  • When you specify a route map during routing configuration, only the route maps for that protocol are listed.
  • You can now use the alias CLI commands to grant an administrator access to individual configuration attributes, table entries, or CLI commands.
  • Fortinet now supports Federal Information Processing Standard Publication (FIPS) 140-2 (Level 2) for the following FortiSwitch models:
    • FS-424E
    • FS-424E-FPOE
    • FS-M426E-FPOE
    • FS-424E-Fiber
    • FS-448E
    • FS-448E-FPOE
    • FS-1048E
    • FS-3032E
  • The Media Redundancy Protocol (MRP) is now supported on the FSR-112D and FSR-124D models.
  • When 802.1x authentication is being used, you can now move an 802.1x client between ports that are not directly connected to the FortiSwitch unit.
  • The following RADIUS attributes are now supported for configuring dynamic non-native VLANs:
    • Egress-VLANID
    • Egress-VLAN-Name
    • Ingress-Filters

GUI and CLI changes

  • You can now configure multiple flow-export collectors
  • You can now configure multiple sFlow collectors.
  • sFlow is now supported on the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, and FS-148F-FPOE models.
  • The maximum number of IGMP-snooping groups has been increased. The following table lists the maximum number of groups for various FortiSwitch models:

    FortiSwitch Models Snooping Table Limit
    (values have been rounded)
    FS-108E and FS-124E 500
    FSR-112D-POE, FS-124F, FS-148E, FS-148F, FS-224E, FS-248D, FS-248E, FS-424D, FS-424E, FS-424E-Fiber, FS-426E, FS-448D, FS-448E 1,000
    FS-1024D and FS-1048D 4,000
    FS-3032D 6,000
    FS-524D, FS-548D, 1048E, and 3032E 8,000

REST API changes

The following are the new REST API endpoints:

  • The new cmdb/system.alias/command endpoint grants an administrator access to individual configuration attributes, table entries, or CLI commands.
  • The new cmdb/system.alias/group endpoint bundles different alias commands together for easy assignment.
  • The new cmdb/router/vrf command supports virtual routing and forwarding (VRF).

The schema for two REST API endpoints has changed:

  • The schema for the cmdb/system/sflow endpoint has changed because you can now configure multiple sFlow collectors.
  • The schema for the cmdb/system/flow-export endpoint has changed because you can now configure multiple flow-export collectors.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.