Fortinet white logo
Fortinet white logo

FortiLink Guide

Whatʼs new in FortiOS 7.6.0

Whatʼs new in FortiOS 7.6.0

The following list contains new managed FortiSwitchOS features added in FortiOS 7.6.0. Click on a link to navigate to that section for further information:

  • You can now use the CLI to change the priority of MAC authentication bypass (MAB) authentication and Extensible Authentication Protocol (EAP) 802.1X authentication to fit your specific network security requirements.

    • Before FortiOS 7.6.0, the managed switch tried EAP 802.1X authentication and MAB authentication in the order that they were received with EAP 802.1X authentication having absolute priority. If authentication failed, users were assigned to the auth-fail-vlanid VLAN if it had been configured. There was no time delay. Starting inFortiOS 7.6.0, use the set auth-priority legacy command to keep this priority. After an upgrade, auth-priority is set to legacy by default.

    • Starting in FortiOS 7.6.0, if you want the managed switch to try EAP 802.1X authentication first and then MAB authentication if EAP 802.1X fails, use the set auth-priority dot1x-mab command. If MAB authentication also fails, users are assigned to the auth-fail-vlanid VLAN if it is configured.

    • Starting in FortiOS 7.6.0, if you want the managed switch to try MAB authentication first and then EAP 802.1X authentication if MAB authentication fails, use the set auth-priority mab-dot1x command. If EAP 802.1X authentication also fails, users are assigned to the auth-fail-vlanid VLAN if it is configured.

    • Starting in FortiOS 7.6.0 with FortiSwitchOS 7.2.3, MAB-only authentication is supported. In this mode, the managed FortiSwitch unit performs MAB authentication without performing EAP authentication. EAP packets are not sent. To enable MAB-only authentication, set the auth-order command to mab.

    For more details, see Changing the priority of MAB and EAP 802.1X authentication.

  • You can now configure an SNMP trap so that you receive a message when a layer-2 MAC address has been added to, moved from or to, or deleted from a managed FortiSwitch port. This SNMP trap allows network administrators to monitor MAC address changes in real time, which strengthens overall network security. For more details, see Sending SNMP traps for MAC address changes.

  • The FortiOS GUI has been updated to make it easier to upgrade all FortiSwitch units at the same time. For more details, see Viewing and upgrading the FortiSwitch firmware version.

Whatʼs new in FortiOS 7.6.0

Whatʼs new in FortiOS 7.6.0

The following list contains new managed FortiSwitchOS features added in FortiOS 7.6.0. Click on a link to navigate to that section for further information:

  • You can now use the CLI to change the priority of MAC authentication bypass (MAB) authentication and Extensible Authentication Protocol (EAP) 802.1X authentication to fit your specific network security requirements.

    • Before FortiOS 7.6.0, the managed switch tried EAP 802.1X authentication and MAB authentication in the order that they were received with EAP 802.1X authentication having absolute priority. If authentication failed, users were assigned to the auth-fail-vlanid VLAN if it had been configured. There was no time delay. Starting inFortiOS 7.6.0, use the set auth-priority legacy command to keep this priority. After an upgrade, auth-priority is set to legacy by default.

    • Starting in FortiOS 7.6.0, if you want the managed switch to try EAP 802.1X authentication first and then MAB authentication if EAP 802.1X fails, use the set auth-priority dot1x-mab command. If MAB authentication also fails, users are assigned to the auth-fail-vlanid VLAN if it is configured.

    • Starting in FortiOS 7.6.0, if you want the managed switch to try MAB authentication first and then EAP 802.1X authentication if MAB authentication fails, use the set auth-priority mab-dot1x command. If EAP 802.1X authentication also fails, users are assigned to the auth-fail-vlanid VLAN if it is configured.

    • Starting in FortiOS 7.6.0 with FortiSwitchOS 7.2.3, MAB-only authentication is supported. In this mode, the managed FortiSwitch unit performs MAB authentication without performing EAP authentication. EAP packets are not sent. To enable MAB-only authentication, set the auth-order command to mab.

    For more details, see Changing the priority of MAB and EAP 802.1X authentication.

  • You can now configure an SNMP trap so that you receive a message when a layer-2 MAC address has been added to, moved from or to, or deleted from a managed FortiSwitch port. This SNMP trap allows network administrators to monitor MAC address changes in real time, which strengthens overall network security. For more details, see Sending SNMP traps for MAC address changes.

  • The FortiOS GUI has been updated to make it easier to upgrade all FortiSwitch units at the same time. For more details, see Viewing and upgrading the FortiSwitch firmware version.