
What’s new in FortiOS 8.0.0


The following list contains new managed FortiSwitchOS features added in FortiOS 8.0.0:

  • The number of supported FortiSwitch devices has increased for some FortiGate models. This change enhances scalability for larger deployments.

    FortiGate model | Number of supported FortiSwitch units
    FG-50G, FG-50GP, FG-51G, FG-51GP, FG-50G-5G, FG-51G-5G, FG-50G-DSL, FG-50G-SFP | 16 (from 8)
    FG-200G, FG-201G | 96 (from 64)
    FG-2600F, FG-2601F | 300 (from 196)

  • On the Switch > Interfaces page of the FortiSwitchOS GUI, the icon now indicates that auto-network is enabled on the switch. When the icon is blue, it indicates an active inter-switch link (ISL) trunk. Previously, the icon indicated that FortiLink discovery was enabled.

  • You can now specify trusted IPv4 and IPv6 hosts for admin accounts in FortiOS for managed FortiSwitch units. This feature enhances network security by restricting access for admins to specific IP addresses.

  • The set speed auto-module command has been changed to set speed detect-by-module (under config switch-controller managed-switch):

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit <port_name>
                    set speed detect-by-module
                next
            end
        next
    end

  • You can now use the CLI to set the maximum amount of power on power over Ethernet (PoE) ports to 30 W, 60 W, or the maximum amount of power for that port.

  • For the FS-6xxF, FSR-216F-POE, FSR-108F, and FSR-112F-POE models, you now configure the port-selection criteria at the global switch-controller level. For all other FortiSwitch models, the port-selection criteria are configured at the trunk level.

  • By default, inter-switch links (ISLs) that are automatically formed are assigned a Spanning Tree Protocol (STP) port cost of 1. You can now change that behavior with a new CLI command, set auto-stp-priority. By default, this command is enabled, and ISL ports are assigned an STP cost of 1. When this command is disabled, the ISL ports are assigned the STP cost based on the link speed of trunk members. This command is available for all switch models.

  • You can now define static groups for particular multicast addresses in a VLAN that has IGMP snooping enabled. You can specify multiple ports in the static group, separated by a space. The trunk interface can also be included in a static group.

  • A new toggle button, Advanced Switching Features, allows you to enable the following advanced switching features:

    • On the WiFi & Switch Controller > FortiSwitch Port Policies page:

      • LLDP tab

      • QoS tab

      • VLAN policies tab

      • PTP tab

    • On the WiFi & Switch Controller > Managed FortiSwitches page:

      • MC-LAG Peer column

      • Config Sync Status column

    • On the Diagnostics and Tools pane:

      • Config Sync Status field (under the switch serial number)

    • On the WiFi & Switch Controller > FortiSwitch Ports page:

      • PTP column (values are shown only when the FortiSwitch unit supports PTP)

      • PTP Interface Policy column (values are shown only when the FortiSwitch unit supports PTP)

  • You can now use the LLDP 802.3 TLV to advertise and control the energy-efficient Ethernet (EEE) configuration on managed FortiSwitch units, allowing EEE capabilities to be broadcast across the network.

  • The FS-624F, FS-624F-FPOE, FS-648F, and FS-648F-FPOE models now support FortiLink Secure Fabric encryption. Previously, they only supported FortiLink Secure Fabric authentication.

  • Several enhancements have been made to the FortiSwitch network access control (NAC) and dynamic port policy (DPP). These changes improve port security and provide flexibility in NAC deployments.

    • You can now use the CLI to specify, in hours, how long the NAC policies and DPPs keep matched devices. Previously, you could only specify the number of days to keep matched devices. The maximum amount of time is still 120 days (3,072 hours). Set the match-period to 0 to always keep the matched devices.

    • When NAC is enabled on a managed switch port, you can now configure the Power over Ethernet (PoE) settings.

    • You can now specify a QoS policy that is applied if the device that matches the NAC policy is the only device on the port.

  • You can now limit the number of 802.1X-authenticated sessions allowed on a port. Limiting the number of devices or PCs per port helps increase the security of the network. The default number of sessions allowed per port is 20, and you can configure 2-20 sessions per port.

  • You can now move an 802.1X-authenticated client device between ports that are not directly connected to the FortiSwitch unit without having to delete the 802.1X session or make any other configuration changes. The switch controller reauthenticates the client device that has been disconnected from one port and then connected to a different port, even if the client device is behind a hub or IP phone. For example, you can move an 802.1X client PC that connects through an IP phone to port1 of the FortiSwitch unit to a port of a third-party switch that connects to port2 of the FortiSwitch unit. MAC move improves flexibility and reliability in dynamic network environments.

  • The FortiOS GUI now supports using both FortiSwitch NAC and 802.1X authentication on the same switch port. Previously, this feature was supported only in the FortiOS CLI.

  • You can now configure in the CLI how long MAC authentication bypass (MAB) sessions are kept. This feature is supported on all FortiSwitch models.

  • You can now configure a private data encryption key for all managed switches on the FortiGate device. This centralized configuration simplifies network administration and reduces the chance of errors. Using private data encryption prevents exposing credentials in plain text when the FortiGate configuration is backed up.

  • The FortiGate GUI has been improved to make switch management easier.

  • You can now control when custom commands for a specific managed FortiSwitch unit are pushed from the FortiGate device to the managed FortiSwitch unit. Before FortiOS 8.0.0, custom commands for managed FortiSwitch units were pushed only when the full configuration was updated. You can now specify that custom commands for a specific managed FortiSwitch unit are pushed after any configuration change on the managed FortiSwitch unit. The custom commands are pushed last, after the other configuration changes are pushed.

  • When you set the tunnel-mode to compatible (under the config switch-controller global command in the FortiSwitchOS CLI), the OpenSSL security level is overridden and changes to 0 on the switch that the command is executed on. If you set the tunnel-mode to strict, the OpenSSL security level is defined by the level set for each FortiSwitch application.
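
One way to check saved configurations for two of the changes listed above: the renamed set speed auto-module value and tunnel-mode compatible, which drops the OpenSSL security level to 0. This is an added example, not Fortinet code; the rule notes, the SERIAL-PLACEHOLDER value and the sample configuration are constructed, and the exact set tunnel-mode line is assumed from the description above.

```python
# Settings named on this page; rule notes and sample values are constructed.
RULES = [
    # (chain of enclosing "config" blocks, setting, flagged value, note)
    (("switch-controller global",), "tunnel-mode", "compatible",
     "OpenSSL security level is overridden to 0 on this switch"),
    (("switch-controller managed-switch", "ports"), "speed", "auto-module",
     "renamed in FortiOS 8.0.0: use 'set speed detect-by-module'"),
]

# Constructed sample. The first block is FortiSwitchOS syntax and the second is
# FortiOS syntax; they are combined here only to exercise both rules.
SAMPLE = """\
config switch-controller global
    set tunnel-mode compatible
end
config switch-controller managed-switch
    edit "SERIAL-PLACEHOLDER"
        config ports
            edit "port1"
                set speed auto-module
            next
            edit "port2"
                set speed detect-by-module
            next
        end
    next
end
"""

def audit_config(text):
    """Walk nested config/edit blocks; return (path, line_no, note) findings."""
    stack, findings = [], []  # stack holds open ("config" | "edit", name) scopes
    for line_no, raw in enumerate(text.splitlines(), start=1):
        word, _, rest = raw.strip().partition(" ")
        rest = rest.strip()
        if word in ("config", "edit"):
            stack.append((word, rest.strip('"')))
        elif word == "next" and stack and stack[-1][0] == "edit":
            stack.pop()  # 'next' closes the current edit entry
        elif word == "end":
            while stack and stack.pop()[0] == "edit":
                pass  # drop any open edit entries, then the config block itself
        elif word == "set":
            key, _, value = rest.partition(" ")
            chain = tuple(n for kind, n in stack if kind == "config")
            for rule_chain, rule_key, rule_value, note in RULES:
                if (chain, key, value.strip().strip('"')) == (rule_chain, rule_key, rule_value):
                    findings.append((" / ".join(n for _, n in stack), line_no, note))
    return findings
```

Calling audit_config(SAMPLE) reports the global tunnel-mode line and port1, and leaves port2 unflagged because it already uses detect-by-module.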
