Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Introduction

This document provides the following information for FortiSwitchOS 7.0.3 build 0058.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.0.3 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
FortiSwitch 3xxx FS-3032D, FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.0.3

Release 7.0.3 provides the following new features:

  • NAC LAN segments are now supported on the FS-124F, FS-124F-POE, and FS-124F-FPOE models in FortiLink mode. FortiOS 7.0.1 or higher is required.
  • To support the IEEE 802 LLDP MIB, the following OIDs have been added:

    Name

    OID

    lldpLocalSystemData

         lldpLocChassisIdSubtype

         lldpLocChassisId

         lldpLocSysName

         lldpLocSysDesc

         lldpLocSysCapSupported

         lldpLocSysCapEnabled

    .1.0.8802.1.1.2.1.3

    lldpLocPortTable

         lldpLocPortNum

         lldpLocPortIdSubtype

         lldpLocPortId

         lldpLocPortDesc

    .1.0.8802.1.1.2.1.3.7

    lldpLocManAddrTable

         lldpLocManAddrSubtype

         lldpLocManAddr

         lldpLocManAddrLen

         lldpLocManAddrIfSubtype

         lldpLocManAddrIfId

         lldpLocManAddrOID

    .1.0.8802.1.1.2.1.3.8

  • The execute 802-1x clear mac <MAC_address> command allows you to clear the authorized session associated with a specific MAC address.
  • TLS 1.0 is no longer supported. To configure which TLS version to use for web administration, use the set https-ssl-versions {tlsv1-1 | tlsv1-2 | tlsv1-3} command under config system web. In previous releases, the command was set admin-https-ssl-versions {tlsv1-0 | tlsv1-1 | tlsv1-2 | tlsv1-3} under config system global. NOTE: TLS 1.3 is not supported in FIPS mode.
  • Dynamic access control lists (DACLs) are now supported on the following platforms:
    • FSR-124D
    • FS-224D-FPOE
    • FS-248D
    • FS-424D
    • FS-424D-POE
    • FS-424D-FPOE
    • FS-424E
    • FS-424E-POE
    • FS-424E-FPOE
    • FS-448D
    • FS-448D-POE
    • FS-448D-FPOE
    • FS-224E
    • FS-224E-POE
    • FS-248E-POE
    • FS-248E-FPOE
    • FS-524D
    • FS-524D-FPOE
    • FS-548D
    • FS-548D-FPOE
    • FS-1024D
    • FS-1048D
    • FS-3032D
  • When the maximum number of 802.1x-authorized clients for a port, which is 20, is exceeded, a warning log (including the MAC address) is reported. For example:

    "6: 1969-12-31 16:02:09 log_id=0104010017 type=event subtype=switch pri=warning vd=root MAC=f0:4d:a2:be:a3:31 , not authorized, exceed port9 maximum of 20 MAC sessions."

  • When the maximum number of 802.1x-authorized clients for the system, which is 10 x the model number of ports, is exceeded, a warning log (including the MAC address) is reported. For example, on an FS-224E model:

    "1: 2021-11-02 20:25:49 log_id=0104010010 type=event subtype=switch pri=warning vd=root MAC=f0:4d:a2:be:a3:31 , not authorized, exceed system maximum of 240 MAC sessions."

  • The following are the new REST API endpoints:
    • The monitor/switch/dhcp-snooping-limit-db-details endpoint displays details about the DHCP-snooping lease-count database.
    • The monitor/switch/cable-diag endpoint displays the results of a time-domain reflectometer (TDR) diagnostic test on the cables connected to a specific port.
  • The following are the REST API schema changes:
    • The cmdb/system/fsw-cloud endpoint has been renamed and is now the cmdb/system/flan-cloud endpoint.

    • The response from the monitor/switch/capabilities endpoint has been updated to reflect the current switch capabilities.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Introduction

This document provides the following information for FortiSwitchOS 7.0.3 build 0058.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.0.3 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448D-POE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1048D, FS-1048E
FortiSwitch 3xxx FS-3032D, FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.0.3

Release 7.0.3 provides the following new features:

  • NAC LAN segments are now supported on the FS-124F, FS-124F-POE, and FS-124F-FPOE models in FortiLink mode. FortiOS 7.0.1 or higher is required.
  • To support the IEEE 802 LLDP MIB, the following OIDs have been added:

    Name

    OID

    lldpLocalSystemData

         lldpLocChassisIdSubtype

         lldpLocChassisId

         lldpLocSysName

         lldpLocSysDesc

         lldpLocSysCapSupported

         lldpLocSysCapEnabled

    .1.0.8802.1.1.2.1.3

    lldpLocPortTable

         lldpLocPortNum

         lldpLocPortIdSubtype

         lldpLocPortId

         lldpLocPortDesc

    .1.0.8802.1.1.2.1.3.7

    lldpLocManAddrTable

         lldpLocManAddrSubtype

         lldpLocManAddr

         lldpLocManAddrLen

         lldpLocManAddrIfSubtype

         lldpLocManAddrIfId

         lldpLocManAddrOID

    .1.0.8802.1.1.2.1.3.8

  • The execute 802-1x clear mac <MAC_address> command allows you to clear the authorized session associated with a specific MAC address.
  • TLS 1.0 is no longer supported. To configure which TLS version to use for web administration, use the set https-ssl-versions {tlsv1-1 | tlsv1-2 | tlsv1-3} command under config system web. In previous releases, the command was set admin-https-ssl-versions {tlsv1-0 | tlsv1-1 | tlsv1-2 | tlsv1-3} under config system global. NOTE: TLS 1.3 is not supported in FIPS mode.
  • Dynamic access control lists (DACLs) are now supported on the following platforms:
    • FSR-124D
    • FS-224D-FPOE
    • FS-248D
    • FS-424D
    • FS-424D-POE
    • FS-424D-FPOE
    • FS-424E
    • FS-424E-POE
    • FS-424E-FPOE
    • FS-448D
    • FS-448D-POE
    • FS-448D-FPOE
    • FS-224E
    • FS-224E-POE
    • FS-248E-POE
    • FS-248E-FPOE
    • FS-524D
    • FS-524D-FPOE
    • FS-548D
    • FS-548D-FPOE
    • FS-1024D
    • FS-1048D
    • FS-3032D
  • When the maximum number of 802.1x-authorized clients for a port, which is 20, is exceeded, a warning log (including the MAC address) is reported. For example:

    "6: 1969-12-31 16:02:09 log_id=0104010017 type=event subtype=switch pri=warning vd=root MAC=f0:4d:a2:be:a3:31 , not authorized, exceed port9 maximum of 20 MAC sessions."

  • When the maximum number of 802.1x-authorized clients for the system, which is 10 x the model number of ports, is exceeded, a warning log (including the MAC address) is reported. For example, on an FS-224E model:

    "1: 2021-11-02 20:25:49 log_id=0104010010 type=event subtype=switch pri=warning vd=root MAC=f0:4d:a2:be:a3:31 , not authorized, exceed system maximum of 240 MAC sessions."

  • The following are the new REST API endpoints:
    • The monitor/switch/dhcp-snooping-limit-db-details endpoint displays details about the DHCP-snooping lease-count database.
    • The monitor/switch/cable-diag endpoint displays the results of a time-domain reflectometer (TDR) diagnostic test on the cables connected to a specific port.
  • The following are the REST API schema changes:
    • The cmdb/system/fsw-cloud endpoint has been renamed and is now the cmdb/system/flan-cloud endpoint.

    • The response from the monitor/switch/capabilities endpoint has been updated to reflect the current switch capabilities.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.