Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiSwitch 7.0.2 Release Notes
    7.0.2
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    3.6.12
    3.6.11
    3.6.10
    3.6.9
    3.6.8
    3.6.7
    3.6.6
    3.6.5
    3.6.4
    3.6.3
    3.6.2
    3.6.1
    3.6.0
    3.5.6
    3.5.5
    3.5.4
    3.5.3
    3.5.2
    3.5.1
    3.5.0
    3.4.3
    3.4.2
    3.4.1
    3.4.0
    3.3.3
    3.3.2
    3.3.1

    Introduction

    Introduction

    This document provides the following information for FortiSwitchOS 7.0.2 build 0049.

    See the Fortinet Document Library for FortiSwitchOS documentation.

    Supported models

    FortiSwitchOS 7.0.2 supports the following models:

    FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
    FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
    FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
    FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
    FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
    FortiSwitch 3xxx FS-3032D, FS-3032E
    FortiSwitch Rugged FSR-112D-POE, FSR-124D

    What’s new in FortiSwitchOS 7.0.2

    Release 7.0.2 provides the following new features:

    • New commands allow you to specify which IGMP-snooping and MLD-snooping groups are cleared:
      • execute clear switch igmp-snooping all
      • execute clear switch igmp-snooping group <multicast_IPv4_address>
      • execute clear switch igmp-snooping interface <interface_name>
      • execute clear switch igmp-snooping vlan <VLAN_ID>
      • execute clear switch mld-snooping all
      • execute clear switch mld-snooping group <multicast_IPv6_address>
      • execute clear switch mld-snooping interface <interface_name>
      • execute clear switch mld-snooping vlan <VLAN_ID>
      You can also combine the commands for more control.
    • You can now sort each column on the Log > Entries page.
    • As part of the existing support for RFC 1493, the following OIDs have been added:

      Name

      OID

      dot1dBaseBridgeAddress.1.3.6.1.2.1.17.1.1.0
      dot1dBaseNumPorts.1.3.6.1.2.1.17.1.2.0
      dot1dBaseType.1.3.6.1.2.1.17.1.3.0
      dot1dTpFdbTable
      TpFdbAddress
      TpFdbPort
      TpfdbStatus      		.1.3.6.1.2.1.17.4.3
      .1.3.6.1.2.1.17.4.3.1.1
      .1.3.6.1.2.1.17.4.3.1.2
      .1.3.6.1.2.1.17.4.3.1.3
      dot1dBasePortTable
      BasePort
      BasePortIfIndex
      basePortCircuit
      		.1.3.6.1.2.1.17.1.4
      .1.3.6.1.2.1.17.1.4.1.1
      .1.3.6.1.2.1.17.1.4.1.2
      .1.3.6.1.2.1.17.1.4.1.3

      NOTE: dot1dbasePortDelayeExceededDiscards (.1.3.6.1.2.1.17.1.4.1.4) and dot1dBasePortMtuExceededDiscards (.1.3.6.1.2.1.17.1.4.1.5) are not supported.

    • When DHCP snooping is enabled and a DHCP server is detected on an untrusted interface, a log entry is generated, either “A rogue DHCPv6 server has been detected on the interface” or “A rogue DHCP server has been detected on the interface.”
    • You can now use RADIUS attributes to configure dynamic access control lists (DACLs) on 802.1x ports. DACLS are configured on a switch or saved on a RADIUS server. You can use DACLs to control traffic per user session or per port for switch ports directly connected to user clients. DACLs apply to hardware only when 802.1x authentication is successful.
    • You can now specify the outer VLAN tag and COS queue number when configuring the access control list (ACL) policies on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.

    • You can now enable or disable the learning-limit violation log in the GUI (Switch > MAC Limit).

    • The MAC learning limit and the MAC learning limit violation log are now supported on the FSR-112D-POE.
    • You can now specify that, when the MAC learning limit is exceeded, the interface that it is configured on will be disabled.
    • You can now receive an SNMP trap message when the MAC learning limit is exceeded.
    • NAC LAN segments are now supported on the FS-148F, FS-148F-POE, and FS-148F-FPOE models in FortiLink mode. FortiOS 7.0.1 or higher is required.
    • You can now specify a range of multicast group addresses (IPv4) when configuring a Protocol Independent Multicast (PIM) multicast flow.
    • The output of the diagnose test authserver radius command now includes the configured attribute-value pairs (AVPs).
    • When you test the user credentials for a RADIUS server in the GUI (System > Authentication > RADIUS), the configured AVPs are now returned, along with the status of the connection and user credentials.
    • You can now view if a module supports the diagnostic monitoring interface (DMI):
      • The output of the get switch modules status command reports if a module does not support DMI.
      • There is a new DMI column on the Module Summary page (Switch > Monitor > Modules).

    Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

    Previous
    Next

    Introduction

    Introduction

    This document provides the following information for FortiSwitchOS 7.0.2 build 0049.

    See the Fortinet Document Library for FortiSwitchOS documentation.

    Supported models

    FortiSwitchOS 7.0.2 supports the following models:

    FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
    FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
    FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
    FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
    FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
    FortiSwitch 3xxx FS-3032D, FS-3032E
    FortiSwitch Rugged FSR-112D-POE, FSR-124D

    What’s new in FortiSwitchOS 7.0.2

    Release 7.0.2 provides the following new features:

    • New commands allow you to specify which IGMP-snooping and MLD-snooping groups are cleared:
      • execute clear switch igmp-snooping all
      • execute clear switch igmp-snooping group <multicast_IPv4_address>
      • execute clear switch igmp-snooping interface <interface_name>
      • execute clear switch igmp-snooping vlan <VLAN_ID>
      • execute clear switch mld-snooping all
      • execute clear switch mld-snooping group <multicast_IPv6_address>
      • execute clear switch mld-snooping interface <interface_name>
      • execute clear switch mld-snooping vlan <VLAN_ID>
      You can also combine the commands for more control.
    • You can now sort each column on the Log > Entries page.
    • As part of the existing support for RFC 1493, the following OIDs have been added:

      Name

      OID

      dot1dBaseBridgeAddress.1.3.6.1.2.1.17.1.1.0
      dot1dBaseNumPorts.1.3.6.1.2.1.17.1.2.0
      dot1dBaseType.1.3.6.1.2.1.17.1.3.0
      dot1dTpFdbTable
      TpFdbAddress
      TpFdbPort
      TpfdbStatus      		.1.3.6.1.2.1.17.4.3
      .1.3.6.1.2.1.17.4.3.1.1
      .1.3.6.1.2.1.17.4.3.1.2
      .1.3.6.1.2.1.17.4.3.1.3
      dot1dBasePortTable
      BasePort
      BasePortIfIndex
      basePortCircuit
      		.1.3.6.1.2.1.17.1.4
      .1.3.6.1.2.1.17.1.4.1.1
      .1.3.6.1.2.1.17.1.4.1.2
      .1.3.6.1.2.1.17.1.4.1.3

      NOTE: dot1dbasePortDelayeExceededDiscards (.1.3.6.1.2.1.17.1.4.1.4) and dot1dBasePortMtuExceededDiscards (.1.3.6.1.2.1.17.1.4.1.5) are not supported.

    • When DHCP snooping is enabled and a DHCP server is detected on an untrusted interface, a log entry is generated, either “A rogue DHCPv6 server has been detected on the interface” or “A rogue DHCP server has been detected on the interface.”
    • You can now use RADIUS attributes to configure dynamic access control lists (DACLs) on 802.1x ports. DACLS are configured on a switch or saved on a RADIUS server. You can use DACLs to control traffic per user session or per port for switch ports directly connected to user clients. DACLs apply to hardware only when 802.1x authentication is successful.
    • You can now specify the outer VLAN tag and COS queue number when configuring the access control list (ACL) policies on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.

    • You can now enable or disable the learning-limit violation log in the GUI (Switch > MAC Limit).

    • The MAC learning limit and the MAC learning limit violation log are now supported on the FSR-112D-POE.
    • You can now specify that, when the MAC learning limit is exceeded, the interface that it is configured on will be disabled.
    • You can now receive an SNMP trap message when the MAC learning limit is exceeded.
    • NAC LAN segments are now supported on the FS-148F, FS-148F-POE, and FS-148F-FPOE models in FortiLink mode. FortiOS 7.0.1 or higher is required.
    • You can now specify a range of multicast group addresses (IPv4) when configuring a Protocol Independent Multicast (PIM) multicast flow.
    • The output of the diagnose test authserver radius command now includes the configured attribute-value pairs (AVPs).
    • When you test the user credentials for a RADIUS server in the GUI (System > Authentication > RADIUS), the configured AVPs are now returned, along with the status of the connection and user credentials.
    • You can now view if a module supports the diagnostic monitoring interface (DMI):
      • The output of the get switch modules status command reports if a module does not support DMI.
      • There is a new DMI column on the Module Summary page (Switch > Monitor > Modules).

    Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

    Previous
    Next