Fortinet black logo

Introduction

Introduction

This document provides the following information for FortiSwitchOS 7.2.4 build 0444.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.2.4 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1024E, FS-1048E, FS-T1024E
FortiSwitch 3xxx FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.2.4

Release 7.2.4 provides the following new features:

  • You no longer need to configure TTL for all FortiSwitch platforms that support the layer-3 multichassis link aggregation group (MCLAG) feature.

  • When a local certificate is generated through the Simple Certificate Enrollment Protocol (SCEP), the SCEP URL and password will be saved.

  • OS image signature verification is now available in specific BIOS versions for the following platforms:

    FortiSwitch model

    Required BIOS version

    FS-108E

    04000010 or later

    FS-108E-POE

    04000017 or later

    FS-108E-FPOE

    04000017 or later

    FS-124E

    04000010 or later

    FS-124E-POE

    04000017 or later

    FS-124E-FPOE

    04000017 or later

    FS-148E

    04000010 or later

    FS-148E-POE

    04000015 or later

    FS-224E

    04000015 or later

    FS-224E-POE

    04000018 or later

    FS-248E-POE

    04000018 or later

    FS-248E-FPOE

    04000018 or later

  • To increase the security of strong cryptography, additional weaker ciphers algorithms are now removed. When you enable strong cryptography (set strong-crypto enable under config system global), the following ciphers and algorithms are currently supported:

    • Ciphers (encryption algorithms):

      • chacha20-poly1305@openssh.com

      • aes128-ctr

      • aes192-ctr

      • aes256-ctr

      • aes128-gcm@openssh.com

      • aes256-gcm@openssh.com

    • Key-exchange algorithms:

      • curve25519-sha256@libssh.org

      • diffie-hellman-group-exchange-sha256

    • Host-key algorithm:

      • ssh-ed25519

    • Message authentication code algorithms:

      • umac-128-etm@openssh.com

      • hmac-sha2-256-etm@openssh.com

      • hmac-sha2-512-etm@openssh.com

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Introduction

This document provides the following information for FortiSwitchOS 7.2.4 build 0444.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.2.4 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1024E, FS-1048E, FS-T1024E
FortiSwitch 3xxx FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D

What’s new in FortiSwitchOS 7.2.4

Release 7.2.4 provides the following new features:

  • You no longer need to configure TTL for all FortiSwitch platforms that support the layer-3 multichassis link aggregation group (MCLAG) feature.

  • When a local certificate is generated through the Simple Certificate Enrollment Protocol (SCEP), the SCEP URL and password will be saved.

  • OS image signature verification is now available in specific BIOS versions for the following platforms:

    FortiSwitch model

    Required BIOS version

    FS-108E

    04000010 or later

    FS-108E-POE

    04000017 or later

    FS-108E-FPOE

    04000017 or later

    FS-124E

    04000010 or later

    FS-124E-POE

    04000017 or later

    FS-124E-FPOE

    04000017 or later

    FS-148E

    04000010 or later

    FS-148E-POE

    04000015 or later

    FS-224E

    04000015 or later

    FS-224E-POE

    04000018 or later

    FS-248E-POE

    04000018 or later

    FS-248E-FPOE

    04000018 or later

  • To increase the security of strong cryptography, additional weaker ciphers algorithms are now removed. When you enable strong cryptography (set strong-crypto enable under config system global), the following ciphers and algorithms are currently supported:

    • Ciphers (encryption algorithms):

      • chacha20-poly1305@openssh.com

      • aes128-ctr

      • aes192-ctr

      • aes256-ctr

      • aes128-gcm@openssh.com

      • aes256-gcm@openssh.com

    • Key-exchange algorithms:

      • curve25519-sha256@libssh.org

      • diffie-hellman-group-exchange-sha256

    • Host-key algorithm:

      • ssh-ed25519

    • Message authentication code algorithms:

      • umac-128-etm@openssh.com

      • hmac-sha2-256-etm@openssh.com

      • hmac-sha2-512-etm@openssh.com

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.